A survey conducted by AT&T found that 70% of large businesses think that their security posture is being damaged by remote working, leaving them more vulnerable to cyberattack- This is what the experts think.
Remote working has made us all ask difficult questions of ourselves. While the initial kneejerk decisions to deploy a remote workforce took place in order to make sure that the spread of Covid19 was curtailed, now we have been in a largely remote scenario for close 6 months now, enterprises have begun to consider other ways this unprecedented move towards remote working has impacted business function.
AT&T’s recent survey of 800 cybersecurity professionals across the UK, France and Germany is one such investigation of the impact of Covid. The survey found that while 88% initially felt well prepared for the migration, more than half (55%) now believe widespread remote working is making their companies more or much more vulnerable to cyberattacks. This figure jumps to 70% for large businesses with over 5,000 employees.
What the experts think
John Vladimir Slamecka, AT&T region president, EMEA
“Cybercriminals are opportunistic, taking advantage of the fear and uncertainty surrounding issues like the current global health and economic situation as well as sudden shifts and exposures in IT environments to launch attack campaigns. It can be a challenge for IT organisations to stay on top of emergent threat activity in the wild.”
Jamie Ahktar, co-founder and CEO at CyberSmart:
“This is not a surprising finding by any means. Most people are just not aware of the many security measures they take for granted working in an office environment. The best thing a business of any size can do right now is immediately take the time to educate their employees on the fundamentals of cyber security. Once educated, enterprises need to trust that their employees understand and prioritise security. A significant amount of their workforce is now likely to be working via home WiFi networks, or even public WiFi networks. Accessing the digital corporate environment from these networks is significantly less likely to be secure than the office-based ones, so employers need to exercise trust in their employees that they are taking the precautions necessary to keep the corporate network safe: Avoiding public WiFi where possible, changing the password on their home WiFi network regularly, as well as ensuring that any security tools their employers invest in are accurately installed and regularly updated on the device they are using for work. All of these activities, should they not be undertaken appropriately, could result in a breach and damage the trust relationship between employee and employer. The standard controls set out in government standards like the UK’s Cyber Essentials scheme protect against the majority of attacks and do not require expertise or large investment to implement.
The landscape for attack is much broader now and we have seen an increase in security breaches because hackers understand this and are taking advantage of the opportunity. This is a period of transition into what is likely to be a new norm for the workplace. It’s important to remember that remote working is not inherently insecure. It just needs to be approached correctly. “
Javvad Malik, security awareness advocate at KnowBe4:
“With remote working, many procedures need to be updated to ensure the security of home workers systems. There is the concern about keeping systems patched, technical controls such as VPNs and MFA are in place, that monitoring controls are effective across a remote workforce, and that all staff receive appropriate and timely security awareness and training so that they are aware of and can report any attacks.
Communication channels are one of the biggest challenges. While there is no shortage of tools to communicate, not being able to tap a colleague on the shoulder to ask a question can lead to its own set of problems. Criminals are well aware of this and have placed considerable efforts into social engineering remote employees through phishing scams which look like they originate from the IT departments, other colleagues, or from HR.
Therefore, it’s important for organisations to revisit their security controls and ensure they are still appropriate for the current working conditions.”
Niamh Muldoon, senior director of trust and security at OneLogin:
“As the workforce adjusts to remote working, organisations need to recognise that traditional security approaches are no longer sufficient. With employees outside the controlled environment of the office, organisations will inevitably struggle to ensure that their employees are complying with best practices such as separating personal devices from work devices. In fact, OneLogin recently conducted a study of 5000 respondents globally which found that almost 40% of employees utilised their corporate laptops for streaming; and 20.5% used it for online games and gambling. Identity is the most important aspect to this new hybrid operating model – understanding who and what device is trying to log into their business environment systems and associated applications. Streamlining identity with IDAAS technology solutions will support organisations continuing to deliver quality IT services while balancing cost and risk for the organisation.”