With the one-year anniversary of remote working coming up on Tuesday 16th, security experts commented below on cybersecurity risk and benefits of remote working.
<p style=\"font-weight: 400;\">The past year has seen an acceleration of cloud migration and digital transformation, meaning organisations have had to prioritise operational continuity over security, with some even redeploying security staff into IT roles to support the rapid transition toward remote working. As security teams have adapted to this change, remote access capabilities have had to be provisioned and new cloud and collaboration projects quickly rolled out. There has also been an obvious uptick in the use of tools such as Office 365 which has provided a great amount of support for remote workers but has also contributed to an expanded remote access attack surface – something that threat actors have taken advantage of, and that many organisations have limited visibility into. </p> <p> </p> <p style=\"font-weight: 400;\"> In order to gain visibility into the network and protect their remote workforce from opportunistic actors, organisations can look to a robust security solution like network detection and response (NDR). By having a solution like NDR, security teams are able to monitor the network for unusual behaviours, automate data and most importantly, detect and respond to attacks in real time, rather than simply focusing on trying to prevent them. With such cyber security practices in place, organisations should have no problem in supporting a remote workforce for the foreseeable future.</p>
<p style=\"font-weight: 400;\">Remote working has resulted in a disperse workforce that has not only changed the way we work but also the way we do security, for example, methods such as pen testing have had to adapt to cover more than just the corporate network and facilities. Equally, organisations, especially SMEs, have had to deal with this new form of working with little to no resources or support – with some not even having laptops when the first lockdown hit a year ago. Many have struggled over the past year without the necessary IT infrastructure in place and alongside that, a lack of clear guidance around security regulations and standards. By being unprepared and neglecting the security of employee home networks, organisations are not only finding themselves failing certifications such as Cyber Essentials, but also leaving themselves exposed to the types of cyberattacks we’re witnessing on a daily basis.</p> <p> </p> <p style=\"font-weight: 400;\">In order to stay secure and protect their remote workforce from threat actors, we are advising organisations to carry out more frequent security assessments, as opposed to the norm of 1-2 a year. By undergoing regular tests businesses can have peace of mind when it comes to securing their data and protecting themselves from cyber threats.</p> <p> </p> <p style=\"font-weight: 400;\">The future of working is going to be at least a hybrid one, if not fully remote for some, so it’s vital organisations have security processes in place that will ensure their security and data integrity no matter where their workforce resides</p>
<p style=\"font-weight: 400;\">Last year, organisations were forced to hurriedly shift to remote working at a pace which sometimes meant security was a secondary thought – or even an afterthought. Moving staff out of offices and into a home-working environment has created huge numbers of opportunities for cyberattacks and I think organisations are only just starting to grapple with this properly.</p> <p> </p> <p style=\"font-weight: 400;\">In the coming months and years, we will see more and more Solarwinds-style supply chain attacks. We’re also likely to see the problems caused by remote working continue to become apparent. If businesses want to stay safe, they should start thinking about zero trust models and install high-quality email security defenses to protect from phishing and ransomware. </p> <p> </p> <p style=\"font-weight: 400;\">When staff are away from the office, they are vulnerable due to the relative lack of infrastructure. They could also be more likely to fall victim to email scams and threats, so need to be well-trained and equipped with the knowledge to protect themselves and their employer.</p>
<p>The past year has seen rapid changes for organisations that have had to adapt to a hybrid workforce as employees worked both from home and in the office. We have learned that, in order to enable employees to work both remotely and in the office, they need to have reliable, fast, and secure connections to the organisation’s IT network from wherever they happen to be. Organisations also need to have the ability to quickly add remote users which gives them the freedom to adjust their workforce and working practices with little notice. Because of this, we’re seeing rapid adoption of solutions, such as SASE, that can provide this flexibility while ensuring a high standard of quality, and that cost is kept down. <u></u><u></u></p> <p><u></u> <u></u></p> <p>The past year has shown us that the most successful and resilient organisations are those who have planned ahead and have those capabilities and solutions in place that allow them to be flexible and embrace change, no matter the circumstances. Looking ahead, the workforce is likely going to be a hybrid one, so those who have not adapted to this ‘new normal’ and have not accepted this change, will need to do so quickly if they are to be successful.<u></u><u></u></p> <p><u></u> </p>
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics