With millions of employees now working from home, enterprises have had to re-evaluate their network security protocols. With a threat perimeter now expanded and fragmented across what could be thousands of nodes, how has this impacted and changed the cybersecurity threats businesses now face?

According to research from Barracuda, almost half (46%) of global businesses have encountered at least one cybersecurity scare since shifting to a remote working model during the COVID-19 lockdown. And, in the UK specifically, 41% of those surveyed had been threatened by at least one cybersecurity scare since shifting to a remote working model. With 41% also expect to see a data breach in the next month due to remote working.

Also, an astounding 49% said they expect to see a data breach or cybersecurity incident in the next month due to remote working. The global survey includes answers from over 1,000 business decision-makers in the UK, U.S., France, and Germany. More than half of respondents (51%) said they have already seen an increase in email phishing attacks since shifting to a remote working model.

Another transition that has sped up in response to the current situation is the shift to the cloud. Of the respondents, 53% reported that the COVID-19 crisis had made them accelerate plans for moving all their data to 100% cloud-based model, a change that will have a long-term impact on how organizations operate.

Speaking to Silicon UK, Dave Farrow, senior director, Information Security at Barracuda Networks said: “There is a lot of news about email-borne threats, and we have seen a huge increase in malicious email activity. But the protections from those threats are typically the same for workers in and out of offices. And the adoption of cloud services for core business systems has already addressed many of the remote access problems. But there is also new work to do when protecting user machines because of remote work.

“First, in transitioning to a fully remote workforce, there will likely be an influx of new devices accessing your network. This could be due to an increase in workers using personal devices, or from investment in new company-owned hardware for remote employees. All of those devices need to have security controls installed, configured and monitored.

“Second, incident response to deal with a compromised or infected device has also been disrupted. It’s no longer as easy as handing over your device to an in-house IT security expert to install the latest software, wipe your machine when needed, or update accordingly. And creative solutions – such as using personal devices – to maintain user productivity can often have an impact on security,” Farrow concluded.

Home front

Research from Atlas Cloud revealed a quarter of workers are using a personal laptop (25%) for homeworking. More than half of those now working on personal devices (58%) are storing business information on those personal devices.

One in 12 workers is working on a device which has no password protection. And only a third of workers (37%) are working on a device with password protection and another form of authentication such as token, authentication code, biometrics.

Pete Watson, CEO of Atlas Cloud, said: “We are living through the largest overnight change in British working habits since the outbreak of the Second World War. Marking a month since the lockdown was announced, our research shows that the majority of office workers believe they need more help from their employers to cope with the technological challenges of working from home.

“However, the research also shows that office workers may not be working from home as safely as they could be,” Watson continued. “This should not at all be a blame game. Businesses and office workers face a national emergency of the kind we have never seen before, and the aim for all of us is to help British companies perform as well as they can do during this time.

Indeed, in their report, ECSC makes it starkly clear business have little choice with the security risks they are taking: “Although it is clear that using personal devices to work from home is unwise, you might have to accept this risk in the short term to allow home working for employee safety reasons. The health of your employees is more important than your cybersecurity. However, you should treat this as a temporary risk decision while you organize the longer-term procurement of appropriate devices, secured by the business and restricted to business use.”

All businesses now have to understand and embrace the new working environment they find themselves within. The security of data and network access is far more critical than it has ever been.

“Whether it’s home, customer site, branch office, or even corporate headquarters, evolving threat landscape and erosion of network perimeter require a modern approach to security,” said Igor Baikalov, chief scientist at Securonix. “Zero Trust Model rules out implicit trust to any user or device, inside or outside of the corporate network; it extends to communication sessions and even data integrity. Zero Trust requires robust authentication and continuous verification of access to any protected resource. Zero Trust architecture is not cheap, and it’s not a one-time project – it’s a continuous effort. Still, the sooner the organization embarks on this journey, the harder the target it will become, whether during the crisis or in a normal business environment.”

Indeed, on the release of their new report The New Workplace: Re-imagining Work After 2020 Jesper Frederiksen, VP and GM of EMEA, Okta said: “The idea of a shifted security perimeter is now everyone’s reality. Many organizations were forced to quickly spin up remote work environments and security tools to enable business continuity during this time. And while we’ve seen a lot of rapid success, for many, this short-term firefighting approach isn’t sustainable” said Jesper. “As businesses look to enable a long-term remote workforce securely, they need a future-proof security framework, keeping their people, their data, and their infrastructure safe. That’s where zero trust comes in.”

Network security evolves

Businesses have been evolving their responses to mounting cyber threats for several years. As the range of potential security breaches has diversified, so have the responses enterprises now take to minimize the impact these incidents have.

“Good cybersecurity cannot be materialized overnight,” stated Steeve Huin, VP business development, Marketing and Strategic Partnerships, Irdeto. “Creating a cyber secure business requires good security practices to be employed from the outset, in addition to a commitment to maintaining sufficient updates for all devices owned and run by the organization. From anti-virus software and firewalls to dual authentication and VPN technologies, there are several solutions businesses can employ to maintain security within their organization. But these are essential requirements in today’s digital world.

Huin concluded: “On top of this, employers need to be moving ahead of the cybersecurity basics, providing employees with solutions to secure their home networks, rather than just focussing on company-owned devices which will still be vulnerable if used on an unsecured network. AI-driven security solutions which reside on home routers can help monitor and mitigate threats, ensuring vulnerable and even breached devices are adequately isolated.”

Taking practical steps now is vital for all enterprises. CTOs assessing the threat landscape their business now faces have a number of questions to answer, especially understanding which devices are connected to the network, as

Dr Chris Edwards, chief technical officer at Intercede explained to Silicon UK: “Fundamentally, the focus has to be on assuring trust between your employees, their endpoint devices and the corporate and cloud data-services they need to perform their roles. To trust the endpoints, you need to apply best practice principles for avoiding malware. Also, to mitigate the risks due to equipment loss or theft when off-premises. This is a well-known problem – encrypt laptops and other mobile devices, ensure operating systems and applications are patched, and deploy a good anti-malware solution. Secondly, be sure to monitor the status of these on all of your equipment so that you can detect whether every computer is fully up to date.”

With Mark Lee, business development director at converged ICT services supplier, GCI also advising: “You can’t just rely on anti-virus and firewalls anymore, those days are gone, a more holistic immune systems approach is needed. Areas to focus on are both technology and user awareness (people are usually the weakest link).

“Some important measures to look at include ensuring use of ‘strong passwords’; use Multi-Factor Authentication; make sure all of your systems patching is managed and current; deploy SIEM technology and consider EDR to protect users operating outside of your corporate security boundary. Using virtual desktop technology is also worth considering as a way to improve performance for remote users and also keep them inside your corporate security boundary wherever they are working from. Educate your users in cybersecurity risks and avoidance measures and run regular refreshers to maintain security at the front of everyone’s minds.”

The COVID-19 crisis has meant security has moved to the top of the agendas for all enterprises. With mass home-based working set to continue for the foreseeable future, all businesses must rapidly evolve their response to what continues to be an evolving threat landscape.

Silicon UK in Focus

James Spiteri, Cybersecurity Specialist Lead at Elastic.

With mass home-based working now the norm, what are the critical security issues businesses must pay attention to?

The drastic shift from traditional business operations to remote working has significantly heightened security risk. Cutting corners is a primary issue that has made many organizations suddenly much more vulnerable to attack. Time pressure, not having the right infrastructure or software in place and, the overwhelming demand to keep businesses up and running, results in less due diligence and more relaxed security controls.

Many organizations are also not performing endpoint monitoring. For the IT teams with endpoint monitoring capability, there’s still the task of how they get the events into their Security Information and Event Management (SIEM), which is usually part of the corporate network. If an organization relies solely on network logs or data to detect threats, they risk losing significant visibility into their systems, and their ability to detect malicious activity on user devices drops close to zero.

Finally, there are likely to be back up and data losses. Depending on how files are being shared or accessed, users may have no choice but to store data locally on their laptops or home devices, as opposed to the company’s file servers. Unless a user can have their device backed up remotely, there is a more significant risk of data loss.

Users are resorting to updating or sharing files using unauthorized means, such as online file-sharing platforms which will not have been approved by their IT teams. Although this doesn’t necessarily mean that these platforms are insecure themselves, the challenge is that there is typically no way to audit or monitor these services using free or non-corporate versions.

How will the COVID-19 crisis change how businesses approach security for remote teams and individuals?

While most organizations have a business continuity program, they’re unlikely to have planned for a global pandemic. The result is that IT is having to adapt to a changing situation quickly, yet not always efficiently, with the knock-on effect of overwhelming their IT infrastructure to allow remote access.

COVID-19 is driving a change in mindset around remote working practices, moving them from exception to ‘the norm’ from security operations and IT perspective. Organizations that were reluctant to adopt cloud services will be re-evaluating their decision. However, this will create a rippling effect on security budgets (OPEX vs CAPEX), security monitoring, remote user monitoring, staffing and more. Compliance audits will need to adapt even more in the future to ensure they consider such controls.

If the potential threat perimeter moves to the home, do we need a new approach to network security?

Network security must cater to new remote-working strategies. In reality, the threat perimeter “dissolved” a long time ago and is already a consideration by IT teams when developing their network security strategy. I do think that many organizations will start investing more in technology that’s not tied to a physical or corporate network, such as cloud-based proxies.

Who is responsible for securing a network that stretches to a worker’s home?

Security is the joint responsibility of the business and employees. The security teams need to maintain a healthy security practice and culture, and employees have a responsibility to keep their organization’s data, assets, and – just as importantly – themselves safe. Security protocols are put in place to protect the individual as much as to protect the company’s intellectual property, data, and systems.

---

Photo by Vlada Karpovich from Pexels.