Remote Working Is Transforming The Security Landscape

Uploaded on 2020-05-06 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

COVID-19 has captured the world’s attention on an unprecedented scale, and there’s hardly an industry or sector that hasn’t been affected in some way by the rapid global spread of the pandemic. Right now over 17m unemployed US citizens have applied for unemployment benefits in the past month of April because of the effects of the virus.
 
Start-ups, small companies, SMBs, multinational organisations, every company is facing an operational crunch. 
While some companies are shifting to the remote work culture, many other companies are hanging by a thread because of lack of funds, shortage of clients, reduced workforce, and scarce resources to sustain remote work culture. 
 
One of the biggest concerns of organisations across the world right now is cyber security. With workforces now at home connecting to their business’s networks remotely, ensuring these connections are secure is of paramount importance during and after the COVID-19 crisis.
 
Ensuring endpoint security is reliable and robust is a prerequisite, but so is training for staff who may not have the insights and awareness to combat ransomware and scareware attacks.
 
Nearly every type of established cyber-attack has been used with coronavirus themes, including business email compromise, credential phishing, malware, and spam email campaigns. The most popular and effective attack is credential phishing. The threat actors behind these attacks run from small unknown actors to prominent threat actor. UK Government statistics revealed that 75% of large organisations were hacked last year, meaning this enhanced threat is all the more worrying.
 
Cyber criminals are leveraging the emergency situation and targeting people via phishing emails tricking them into clicking on malicious links and giving up their sensitive information. While companies continue to fight against the increasing cyber-crimes and threats, there’s a lot happening around the world.  
 
The Zero Trust Principle in Cyber Security
 
Ensuring endpoint security is reliable and robust is a prerequisite, but so is education for staff who may not have the insights and awareness to combat ransomware and scareware attacks.Phishing attacks have risen an unprecedented 667% in the UK compared to February, as malicious actors trick users via fake coronavirus alerts. Government statistics revealed that 75% of large organisations were hacked last year, meaning this enhanced threat is all the more worrying.The term “Zero Trust Principle” has been making rounds in the cyber security landscape.
 
The zero trust principle implies that no entity should be trusted within or outside the organisation. It is a holistic approach to network security that entails a wide range of technologies and assets. 
 
While traditional IT security uses a castle-and-moat concept, where it is difficult to gain access from outside the network, but insiders are trusted by default. The zero trust principle suggests that no one should be trusted by default, irrespective of whether they are an employee, a management leader, or a third-party service provider. It assumes that attackers can be on both within and outside of the network, so no machines, networks, or users should be automatically trusted.
 
Although the size of the company doesn’t matter in terms of developing a response plan to cyber attacks or cybersecurity preparedness, there is a big difference between established, international corporations, and SMEs. 
 
Big firms often have the resources required to combat cyber-attacks as they often have well-structured security plan in place which also entails a response plan to cyber-attacks, funds required to compensate their customers or stakeholders in case their data is compromised in the breach, and skilled professionals who know exactly how to tackle cyber security threats and attacks. 
 
SMEs are often not as well prepared for fighting off a cyber attack and according to Verizon, 43% of breach victims were small businesses. 
 
These attacks come from phishing, social engineering, malware, insider threats, or brute-force attacks, small businesses often suffer the wrath of data breaches and cyber-attacks.  This doesn’t mean that small businesses do not want to invest in cyber security, but they have a lot on their platter to deal within a limited budget which makes it difficult for them to dedicate a sufficient amount of resources towards cyber security. 
 
When it comes to remote working, things only get worse but again, the worst affected by the Covid-19 crisis is the small scaled startups and SMEs that are still trying to work out how to keep their operations and management functioning without risking the security of their organisation. 
 
Get started with published frameworks, such as the one given by National Institute of Standards and Technology (NIST) who offer robust framework.
 
By implementing a number of processes, training, and technology measures, companies can reduce the likelihood of cyber-attacks and avoid experiencing a cyber crisis to the challenges related to COVID-19.  But, there’s definitely something you can do to protect your organisation from cyber-attacks caused due to remote work. 
  • Assess your company’s core IT infrastructure for remote working. 
  • Implement strong security for networks and devices operating during remote work. 
  • Integrate cybersecurity plans in your business model for remote working. Make sure security is one of the top priorities to consider while shifting to remote work.
  • Establish security protocols for remote workers to ensure authentication and authorisation
  • Limit access to databases containing sensitive information. 
  • Use secure tools to ensure protection of data. Train remote employees to use these tools and features securely.
  • Update your cyber security response plan to address the challenges of COVID-19. 
  • Maintain awareness about security, location, performance, and overall work hygiene of all employees.
 
While this is not a comprehensive list of security measures, these will definitely help you get started and maintain better security in your organisation. 
 
HackerMoon:          Silicon:      Security Brief
 
For a cost fective  Cyber Audit Report on your organisation’s cyber security and advice about cyber training please contact Cyber Security Intelligence and we will recommend the right cyber training and audit for your organisation
 
You Might Also Read:
 
Cyber Criminals Exploit Lockdown Workers:
 
 
 
 
 
« Looking For Vulnerable IoT Devices
The Impact Of Artificial Intelligence On Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Hack Miami

Hack Miami

HackMiami is the premier resource in South Florida for highly skilled hackers that specialize in vulnerability analysis, penetration testing, digital forensics, and all manner of IT security.

Boxcryptor

Boxcryptor

Boxcryptor encrypts your sensitive files before uploading them to cloud storage services.

Intertrust Technologies

Intertrust Technologies

Intertrust Technologies is a software company specializing in trusted computing products and services.

Greenwave Systems

Greenwave Systems

Greenwave's AXON Platform enables IoT and M2M network service providers to address security, interoperability, flexibility and scalability from a single IoT platform.

IT Security Jobs

IT Security Jobs

IT Security Jobs is a dedicated portal for everything related to IT professionals looking for IT Security jobs.

Port53 Technologies

Port53 Technologies

Port53 Technologies is focused on delivering enterprise-grade, cloud-delivered security solutions that are easy to deploy, simple to manage and extremely effective.

OnDefend

OnDefend

OnDefend delivers information security solutions that improve overall security posture, reduce risks and defend against continually evolving and persistent cyber adversaries.

Institute for Security and Technology (IST)

Institute for Security and Technology (IST)

The Institute for Security and Technology's goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats.

Bechtle

Bechtle

Bechtle is one of Europe’s leading IT service providers offering a blend of direct IT product sales and extensive systems integration services.

Darkbeam

Darkbeam

Darkbeam provides a unified solution to protect against security, brand and compliance risks across your digital infrastructure.

Identity Management Institute (IMI)

Identity Management Institute (IMI)

Identity Management Institute (IMI) provides professional training and certification in cyber security with a focus on identity and access management, identity theft, and data protection.

Avalanchio Technologies

Avalanchio Technologies

The Avalanchio platform gives you a complete solution to collect, process, and analyze security data to detect threats in real-time and analyze historical data using security DSL or SQL.

AdvIntel

AdvIntel

AdvIntel is a next-generation threat prevention and loss prevention company launched by a team of certified investigators, reverse engineers, and security experts.

Ascent Solutions

Ascent Solutions

Ascent is built to help firms evolve their cybersecurity posture, modernize their Microsoft solutions, and accelerate their journey to the cloud.

Ibento Global

Ibento Global

Ibento organises the CyberX series of cybersecurity conferences.

Bit Sentinel

Bit Sentinel

Bit Sentinel is an information security company. We help companies like yours discover, prioritize, and effectively remediate potential cybersecurity risks.