In 2023, Airbus Protect demonstrated unparalleled achievements in cyber defence, marking a significant milestone for the company. Four key events in Germany contribute to the organisation's commitment to excellence and innovation in the ever-evolving landscape of cybersecurity.Read more
Expectations vs. Reality: Cybersecurity and Remote Working
Remote working is not a new area for IT and cybersecurity experts, however in the last few years it has now been pushed to the forefront and become a hot topic that organisations globally must consider. From where we are currently sat, this change looks like it may be the new normal, and it is not switching back anytime soon.
From where we are currently sat, this change looks like it may be the new normal, and it is not switching back anytime soon.
Why is remote working so significant?
When the pandemic unexpectedly arose organisations were not fully prepared and the supporting infrastructures for this change were not in place. Despite this, the world continued to move, and so as a result various ways of connecting to an organisation’s facilities spawned; this has extended the attack surface to a never seen before level. With organisations’ work from home dynamic remaining, this threat remains significant.
From the technical perspective, three main scenarios have spawned:
The ‘No Trust’: Assets that can be only used with a Virtual Private Network (VPN) on and no side communication is allowed, just like an inside asset, as controlled and hardened as it should be.
The ‘Partial Trust’: Assets that allow the user to have a side activity (controlled by CASB (Cloud Access Security Broker), EDR (Endpoint Detection and Response), etc.), but ask for a connection when the activity is around office work and company data.
The ‘Whatever’: Bring Your Own Device or uncontrolled assets, but with access only to ‘public’ apps or through Virtual Desktop Infrastructures to gain access to internal apps.
Why is the technical side of things relevant?
Although some organisations can maintain control, varying scenarios highlight the dispersion of control that the majority of organisations now face. The importance of control here directly links to risk. Risks in an uncontrolled environment are harder to manage and thus organisations now face a higher potential that cyber threats are successful, compromising the company in a number of ways. This is a vital consideration for Critical National Infrastructures, where the result of such a threat can be detrimental.
The technical perspective does not solely pose the threat. Human factors are also a large contributing factor that must be considered.
How do organisations control human behaviour?
When we move to the user side, we notice that not everybody is at the same level of security awareness, particularly when thinking about working in public spaces. It might seem obvious to not speak loudly about data or sensitive projects in public spaces, to lock sessions, to be sure that nobody can see your screen, etc., but it’s not.
For that, organisations need to teach and emphasise on the consequences of those behaviours. And at the same time, must be sure that their detection systems can handle user behaviour and take that into account. The specificity of critical functions must also be considered and organisations must be sure that security is at the right level.
It’s always hard to determine what the future will look like, but we know for a fact that remote working will remain. Organisations have to focus on being sure that employees are aware and understand the increased threat level we’re facing. Cybersecurity Operators should quickly support employees in case of suspected security incidents, and messages should be reinforced around threat, risks, and behaviour, and provide guidance, and help users with assets that fit properly to their needs without weakening security.
On another end, organisations should consider robust controls over configurations and functions, be prepared to enhance identity and authorisation checking, harden filtering and systems, and be sure that no bypass to the crown jewels actually exists.
Remote working doesn’t mean that everything is wide open to the world, the access should, au contraire, be tighter than ever.
Considering the high risk that is posed through passively implementing remote working, incorporating a well defined preventive plan is vital in combating cyber risk from adverse actors. Technical and human factors will always pose a risk in remote working, but how a company plans to deal with those risks is what makes the difference.
If you liked this article and would like to learn more contact us.
More on Cybersecurity
Cyber Threat Intelligence Part 2 : How to support SOC’s Threat Hunting & Detection Engineering efforts
In the first part of this CTI focused blog posts series, we introduced the Intelligence Production Cycle and proposed a functional & technical architecture for a Cyber Threat Intelligence Platform integrated into and supporting both SOC and Incident Response (IR) operations.Read more
As the new year begins, with the world being more connected than ever and technology advancing rapidly, we want to reflect on crisis management and why it is so important for companies.Read more