The pandemic has revolutionised our working practices but in doing so it’s also opened the door to increased cyber attacks. Sugee Bhanoo examines what can be done
Surprise, surprise, I’m writing this blog from home. Before the pandemic, the days I worked from home were few and far between. You could find me at our office in Kuala Lumpur, moving from meeting room to desk, chatting with colleagues in the pantry and walkways.
What a difference to today.
Having worked from home previously, I am a big supporter of hybrid working. Like many, I’m reaping the advantages you can get from working from home. No commute, for starters. More time with my family. The list goes on.
But it’s not all good. The lack of face-to-face interaction, no more casual catch ups as you pass a colleague’s desk or in a corridor or, dare I say, social meet ups after work. In retrospect, it’s amazing to think of what we all took for granted in the pre-pandemic days.
And more broadly, there’s also the increased risk of cyber attacks. The combination of our increased reliance on the internet to sustain us through the challenges of the pandemic, twinned with the fact that many more of us are remote working, has been a boon to attackers. But why is this the case?
The reality of working remotely
A workforce suddenly transplanted from the office to their homes offers numerous opportunities to circling cyber attackers. That’s because without the security protection of the office firewall, employees have to rely on their home networks – and sometimes their own devices – to complete their tasks. This results in a much bigger attack surface; employees are now in different locations, operating from different networks and on multiple devices, all of which makes it far harder for IT security teams to identify suspicious activity by intruders.
Working remotely also leads to a greater reliance on email as one can’t wander over to a colleague’s desk for a catch up. This gives hackers greater opportunity to infiltrate networks through phishing attacks.
Similarly, for some employees their work laptop might be their only home computer, which means they're likely using them for shopping, social media and the like. If that’s the case, hackers can then launch phishing attacks against their personal email addresses, which if opened on the right device, can open the door to a corporate network.
And then there’s the fact that remote workers can quite easily be distracted by family members particularly kids and their online learning needs. For some, it would be their furry friends and attending to their habits. Combine this with remote workers being away from the corporate environment where they might see visible reminders about cyber security and staying safe online, it’s easy to see how an inadvertent compromise can take place.
Given that the trend for more home working is not going to go away any time soon, the task now is to figure out what we’re going to do about these increased cyber risks.
To the barricades
The good news is that despite these challenges, it is still possible for an organisation to have its workforce operate remotely work while also staying safe from cyber attackers. Here at BAE Systems, we, too, had to move quickly to figure out how to securely deliver our services remotely, and then collaborate with our clients to show we had the right solutions and checks in place.
Clearly, some of it comes down to training and engaging staff. That’s why I think there needs to be increased training regarding phishing attacks, for example, but organisations shouldn’t rely on individuals alone. All laptops should require remote access security controls, including a minimum of two-factor authentication, not to mention up to date anti-malware software and other security applications.
Personally, going forward I see a great opportunity in increasing cyber awareness among remote and hybrid workers. With workers no longer all under one roof, organisations are more likely to embrace cloud technologies, as well as serverless technology, as my colleague Chris Hesketh has predicted. And the onus of keeping hardware and infrastructure equipment up-to-date with the latest patches is likely to move to those organisations with the right depth of cyber security expertise.
After all, with attackers a constant, nefarious presence, this is no time for novices.
About the author
Sugee R. Bhanoo is Head of Capabilities APAC at BAE Systems Applied Intelligence
Cyber Threat Bulletin
Sign up to receive our Cyber Threat Bulletin providing a summary of recent activity and emerging trends, giving your organisation the information it needs to keep pace with the evolving cyber threat landscape
- Conflict in the grey zone: Preparing ourselves against cyber opponents. When it comes to the cyber arms race, Miriam Howe says that preparation, collaboration and adaptability are critical
- Stepping up on Cyber Defence. Christine Maxwell is a woman on a mission – a cyber mission. She tells Mivy James about overseeing the ever evolving challenge of Cyber Defence and Risk at the UK’s Ministry of Defence
- The Cyber Threat: before, during and after lockdown. No sector of society has proved immune to the spiralling effect of Covid-19 – and that includes cyber security. With the kaleidoscope shaken and pieces still in flux, Adrian Nish examines its impact so far
- How to stay ahead in the cyber arms race. With many countries moving significant funding towards developing offensive cyber capability, Dr Mary Haigh examines what needs to be done to stay ahead of adversaries
- Rising to the cyber challenge. How is the UK responding to the myriad cyber challenges and opportunities which pockmark today’s global landscape? In this guest blog, Dr Henry Pearson, the UK’s Cyber Security Ambassador talks priorities, plans and progress
- Bringing data to the party. Caroline Bellamy is on a mission to transform how the UK Ministry of Defence uses data. She tells Mivy James about her 30-year career in industry and why data holds the key to smarter and faster decision-making across Defence