It may feel like our lives are returning to some kind of normalcy here in the UK, with such pre-2020 activities as music festivals, sporting events, and going to the pub without booking a table three months in advance very much back in play. One thing that hasn’t returned, though, is the office – at least for many of us. With workers’ returns to the office seemingly stalling, it’s fair to say that a degree of remote working will remain the norm for some time to come.
Remote working has presented a huge shift in the cybersecurity landscape – expanding organisations’ attack surfaces well beyond the traditional office-based perimeter, while ushering in an evolution in cyber-attack methods as hackers have sought to take advantage of the new hybrid working world.
How remote working changed the cybersecurity landscape
It’ll be news to nobody that the frequency and sophistication of cyber-attacks have increased significantly since 2019 – to the extent that cyber risks are now the biggest concern for companies globally in 2022.
Remote working has certainly fuelled part of this increased threat risk and awareness, but the honest truth is that remote working in and of itself needn’t introduce avoidable risk. That’s as long as it’s implemented properly.
Organisations throughout the UK rushed to implement remote working in March 2020, and the truth is that many organisations are only now starting to address some of the mistakes they made in haste.
In order to get employees working from bedrooms, coffee tables and – for the lucky few – home offices, VPN endpoints were stood up at speed – sometimes in organisations that previously did not have experience in setting them up.
Laptops and tablets were given out to users without a well-considered build process in place, meaning that inconsistent build standards were a very real possibility. And without the time to set up proper remote administration workflows, users could find themselves left to administer their own devices in the early stages.
The remote administration of organisations’ infrastructures also played a big part. System admins forced into working from home needed jump boxes, and the administration interfaces for firewalls and other devices, exposed just so they could keep the lights on. Again, the setup of these provisions was often done in haste without enough consideration for the security issues they could bring.
If this sounds familiar to you and you haven’t suffered any seriously detrimental effects, congratulations! Good for you. But in order to protect your organisation and maintain operational integrity, you need to adjust.
How you need to adjust
Obviously there’s no single action you can take to safeguard your organisation from cyber-attacks – especially as our hybrid working approaches evolve, along with hackers’ attack methods. Here are five steps you should look to take in the very near future to make your working days, evenings and weekends significantly more anxiety-free.
- Assess your cyber posture and identify areas for improvement. The volume, variety and sophistication of cybersecurity threats have increased significantly, with organisations under constant threat of data loss and disruption from security breaches. Assess your organisation’s cybersecurity readiness and your ability to address weaknesses, paying special attention to highlighting potential security gaps and creating a roadmap to reduce vulnerabilities.
- Train your people on how to spot and deal with cyber-attacks. Depending on your users’ cyber awareness, they can either be your biggest security assets – or your biggest vulnerability. Delivering comprehensive cybersecurity training and education on best practices throughout your organisation is quite possibly more important than any technology could ever be alone.
- Introduce multi-factor authentication. The received wisdom among cyber incident response providers is that the vast majority of cyber-attack victims do not have multi-factor authentication (MFA) in place. Deploying MFA across your workforce is the sort of cybersecurity hygiene that should be absolutely fundamental in 2022.
- Implement managed endpoint security. Endpoint protection is essential in today’s hybrid working world – but without a monitoring and reaction layer, it can count for relatively little. The message here is that technology alone is not enough – the volume of alerts an endpoint protection service will generate is far too great and complex for most IT departments to manage. Engage with a cybersecurity operations centre (CSOC) managed by skilled specialists, along with a regular schedule of penetration testing, to evolve the narrative to prevention, not reaction.
- Carry out regular penetration testing exercises. A decade ago, penetration tests were often seen as an annual exercise. Fast-forward to today, and the annual penetration testing tick box exercise no longer cuts it. Different types of penetration test align to different cybersecurity postures and organisational priorities, but one thing is clear: penetration testing in 2022 forms a key pillar of any organisation’s cybersecurity posture, and if you get it right your penetration testing schedule will help you identify where you face the highest risk – and put in the budget and resource to address it before it can be exploited.
Getting it right to protect your organisation
March 2020 was a shock to the system, but it was more than two years ago now. We all know that remote working is here to stay, and we all need to take steps to solidify our cybersecurity approaches in line with the evolving operating landscape. If you deployed remote working technology and processes in haste, don’t worry – loads of people did. But now’s the time to wrestle back control and implement robust best practices that will protect your people and your systems before hackers can compromise them.
Andy Swift is technical director of offensive security at Six Degrees.