Cybersecurity in the Time of Remote Threats
Geoff Barlow, technology practice lead of strategy at Node4, highlights the need for smarter cybersecurity and how organizations can shield up better.
Even before the war in Ukraine – and the worry that President Putin would take revenge on his critics by unleashing a spate of state-sponsored cyberattacks – businesses were nervous about cyber threats and the strength of their defenses against viruses and malware.
Node4’s Mid-Market IT Priorities Report confirmed this, with 32% of IT decision-makers saying that increasing and strengthening IT security was their most important objective for 2022. The report also brought to light security-related concerns linked to remote working. Over three-quarters (78%) of respondents said they need to increase security across collaboration tools and manage potential vulnerabilities.
Their worries are understandable. Pre-COVID, many employees were office-based – working inside a private network in a relatively secure manner. The introduction of government legislation, forcing employers to enable home working where possible, sounded the death knell for the nine-to-five office-based routine that was the norm for many people. With that came a massive shift in securing this remote workforce.
While some organizations had been moving towards the cloud-based, zero-trust infrastructure that would facilitate secure and streamlined remote working, plenty of businesses weren’t in such a good position. That meant they were introducing new IT systems, applications, and network connectivity faster than they might have liked and creating potential security vulnerabilities in the process.
Should We Be Worried About Russia?
Despite initial fears to the contrary, Russian-instigated cyberattacks on UK targets have decreased since the war broke out in Ukraine. Perhaps, like everyone else, cybercriminals in the region are feeling the impact of the conflict.
It’s also likely that Russian cybercriminals who might have targeted UK organizations are focusing their efforts on Ukrainian government websites and other pro-Ukrainian organizations. Sanctions against Russia may be playing a part too – making it harder for cybercriminals to get hold of the ransoms they’ve extorted.
But that doesn’t mean we can take our eye off the ball. Russian cybercriminals may be otherwise engaged right now, but once the conflict is over, they’ll want to get back to business.
It’s also worth remembering that although many of us are hyper-vigilant about Russian cyber threats, other hotspots like China, Brazil, Nigeria, and the USA are still active. Indeed, we’ve seen data that suggests the overall number of cyberattacks in Europe has risen by 18% since the start of the conflict – and that criminals are seeking to exploit the fear, uncertainty and confusion created by the conflict.
How Can I Protect Myself and My Organization from Cybercriminals?
There are lots of ways cybercriminals can attack businesses. Some of the most effective methods involve using phishing emails to deliver ransomware, exploiting vulnerabilities in software, or compromising weak credentials. Unfortunately, there isn’t a single silver bullet that offers complete protection from all possible cyber threats. So, organizations need to build up an effective arsenal by developing defense in depth and layering different security solutions.
Here are a few options to consider:
1. Endpoint detection and response
An endpoint is any device that connects to an IT network – whether it’s a laptop, tablet, PC, or smartphone (or even a printer). Endpoints play a legitimate role in connecting employees into the network – and to each other – but can also be exploited by cybercriminals to gain unauthorized access.
Risks to endpoints differ depending on how many applications they run, as each application can also be a doorway for cybercriminals. And those doorways are more vulnerable when operating outside a traditional IT environment. This means even a mid-sized company could potentially have thousands of vulnerabilities.
So, if you haven’t already done so, it’s worth investigating Endpoint Detection and Response (EDR) solutions. These solutions record and monitor behavior trends on endpoints and then use analytics to detect and isolate suspicious or malicious activity that may indicate cyber threats. They are far more proactive than traditional endpoint protection, which relies on downloaded signatures to provide protection.
2. Vulnerability management
Ensure every asset at your organization uses the latest operating system and all software is up to date. Software manufacturers discontinue antivirus support for older products, which increases device vulnerability. If it’s possible to automate your patch management, switch on that option so that employees don’t need to do it manually.
3. Mobile application management
Enforce multi-factor identity access for applications like Outlook and Office 365 when using mobile phones, PCs, laptops, and tablets. That way, even if employees are working on their own devices, data access is still governed by corporate policies.
4. A virtual chief information security officer (VCISO)
Smaller companies might find it helpful to hire a virtual CISO who can work a couple of days each month. They can run cyberattack simulations, help in the aftermath of an attack, implement business continuity planning, or onboard new security technology. It’s a relatively cost-effective way to have someone within the company who can take a holistic view of IT security and bring experiences learned from other organizations.
5. Security posture assessment (SPA)
Hiring a specialist IT service provider to run an SPA can help lay the groundwork for a more joined-up, long-term approach to IT security – ensuring all IT security components are functioning correctly and working in harmony.
6. Staff training
IT teams play a crucial role in helping employees build cybersecurity awareness – encouraging them to take a more cautious approach to potentially suspicious emails or making them aware of other common attack vectors. This is important as social engineering scams like phishing rely initially on human weakness rather than IT infrastructure vulnerabilities to gain unauthorized network access.
Some organizations find it practical to stage a social engineering scam as part of a more comprehensive ethical hacking initiative. This process can educate staff – highlighting how and why they might have fallen for the con so that the same thing doesn’t happen in the real world.
Staying Alert
The fast-paced adoption of collaboration tools and the introduction of remote working during the pandemic have undoubtedly exposed vulnerabilities within corporate IT networks. It’s particularly concerning for organizations that have not adopted a cloud-based approach to security.
But even those businesses that have adopted cloud technology – and gained better identity access management, data encryption, mobile device management or cloud-based application control – should still be vigilant. Just because the functionality is available doesn’t mean that it’s been correctly activated or is being adequately maintained.
Remember: Ransomware attacks are a big, profitable global business, so cybercriminals won’t give up easily – and will keep coming up with new, ingenious ways to launch their attacks. So even if the Russian-instigated cyber threat doesn’t ultimately materialize, it’s not the time to let down your guard – especially as independent data shows a 16% increase in cyberattacks globally during the war. But, wherever the perpetrators originate from, no one wants to be caught out and discover they’re the next unwitting victim. Make sure you’re doing everything possible to protect yourself and your organization – and stay alert!