On 2024-01-23
by Lionel Garacotche, Technical Office Leader for IT Cybersecurity Architecture at Airbus Protect
Cybersecurity

Expectations vs. Reality: Cybersecurity and Remote Working

Expectations vs. Reality: Cybersecurity and Remote Working

Remote working is not a new area for IT and cybersecurity experts, however in the last few years it has now been pushed to the forefront and become a hot topic that organisations globally must consider. From where we are currently sat, this change looks like it may be the new normal, and it is not switching back anytime soon.

From where we are currently sat, this change looks like it may be the new normal, and it is not switching back anytime soon.

Summary

Why is remote working so significant?

When the pandemic unexpectedly arose organisations were not fully prepared and the supporting infrastructures for this change were not in place. Despite this, the world continued to move, and so as a result various ways of connecting to an organisation’s facilities spawned; this has extended the attack surface to a never seen before level. With organisations’ work from home dynamic remaining, this threat remains significant.

From the technical perspective, three main scenarios have spawned:

The ‘No Trust’: Assets that can be only used with a Virtual Private Network (VPN) on and no side communication is allowed, just like an inside asset, as controlled and hardened as it should be.

The ‘Partial Trust’: Assets that allow the user to have a side activity (controlled by CASB (Cloud Access Security Broker), EDR (Endpoint Detection and Response), etc.), but ask for a connection when the activity is around office work and company data.

The ‘Whatever’: Bring Your Own Device or uncontrolled assets, but with access only to ‘public’ apps or through Virtual Desktop Infrastructures to gain access to internal apps.

 

Why is the technical side of things relevant?

Although some organisations can maintain control, varying scenarios highlight the dispersion of control that the majority of organisations now face. The importance of control here directly links to risk. Risks in an uncontrolled environment are harder to manage and thus organisations now face a higher potential that cyber threats are successful, compromising the company in a number of ways. This is a vital consideration for Critical National Infrastructures, where the result of such a threat can be detrimental.

The technical perspective does not solely pose the threat. Human factors are also a large contributing factor that must be considered.

 

How do organisations control human behaviour?

When we move to the user side, we notice that not everybody is at the same level of security awareness, particularly when thinking about working in public spaces. It might seem obvious to not speak loudly about data or sensitive projects in public spaces, to lock sessions, to be sure that nobody can see your screen, etc., but it’s not. 

For that, organisations need to teach and emphasise on the consequences of those behaviours. And at the same time, must be sure that their detection systems can handle user behaviour and take that into account. The specificity of critical functions must also be considered and organisations must be sure that security is at the right level. 

It’s always hard to determine what the future will look like, but we know for a fact that remote working will remain. Organisations have to focus on being sure that employees are aware and understand the increased threat level we’re facing. Cybersecurity Operators should quickly support employees in case of suspected security incidents, and messages should be reinforced around threat, risks, and behaviour, and provide guidance, and help users with assets that fit properly to their needs without weakening security.

On another end, organisations should consider robust controls over configurations and functions, be prepared to enhance identity and authorisation checking, harden filtering and systems, and be sure that no bypass to the crown jewels actually exists. 

 

Remote working doesn’t mean that everything is wide open to the world, the access should, au contraire, be tighter than ever.

Considering the high risk that is posed through passively implementing remote working, incorporating a well defined preventive plan is vital in combating cyber risk from adverse actors. Technical and human factors will always pose a risk in remote working, but how a company plans to deal with those risks is what makes the difference.

 

If you liked this article and would like to learn more contact us.

  • Share

More on Cybersecurity

AI in the OT realm in the future Cybersecurity

Future Tech, Future Threat, Future Ready? Artificial Intelligence & OT

As we’re planning our attendance at the UK’s flagship cyber security event Cyber UK 2024, the strapline of “Future Tech, Future Threat, Future Ready” has given us the opportunity to think about the future trends in OT Security and what they could mean for the industry. You can’t have not noticed the proliferation of Artificial [...] Read more
Supply chain attacks and how to fight them Cybersecurity

Airbus Protect explains: Supply Chain attacks and how to fight them

Supply Chain attacks are an underestimated risk for companies, where cyber threat actors can hack into a software vendor’s network, posing a significant danger to many companies. Who may be affected by these attacks? Every company of every branch who is in a business relationship to a third-party vendor who offers services or software to […]

Read more