
The Risky New World of Work

by jcp

By: David Cummins, VP of EMEA, Tenable

Flexible working practices have grown in popularity since the start of the pandemic as U.K. employees were mandated to work from home. This trend will be further fuelled given the U.K. government’s recent announcement that all staff will have the right to request flexible working from their first day of employment, rather than having to wait until they’ve been in the role for six months. With hybrid remote work officially a long-term model, there are several challenges companies must face.

Over the last 18 months, organisations were forced to mobilise large percentages of their workforce. This saw the acceleration of digital transformation with new technologies introduced and working practices completely overhauled. However, despite the rise in technological advancements, most organisations were forced to prioritise productivity over security considerations.

Unfortunately, cybercriminals reacted quickly and capitalised on the insecure working practices that ensued. In fact, 90% of U.K. organisations experienced a business-impacting cyberattack in the last 12 months, with 51% falling victim to three or more. This data is drawn from a commissioned study, conducted by Forrester Consulting on behalf of Tenable, that surveyed more than 1,300 security leaders, business executives, and remote employees worldwide. The study, Beyond Boundaries: The Future of Cybersecurity in the New World of Work, was conducted in April 2021 and also included 168 respondents in the UK. Looking at the nature of these attacks, the study revealed that:

  • 72% resulted from vulnerabilities in systems and/or applications put in place in response to the pandemic
  • 68% targeted remote workers or those working from home
  • 63% involved an unmanaged personal device used in a remote work environment
  • 51% resulted from VPN flaws or misconfigurations
  • 51% involved cloud assets

The impact to organisations was far from trivial as 36% said they had suffered a ransomware attack while 33% reported the attacks resulted in a data breach.

Security for the new normal

The challenge is that legacy security approaches weren’t designed to handle an attack surface of the scope and complexity organisations now find themselves with. That said, it doesn’t mean game over. There are a few steps security teams can take to regain control:

A holistic approach: Organisations need the ability to see into the entirety of the attack surface — on-premises and in the cloud. In tandem, they need to determine where vulnerabilities exist and the impact if exploited.

All on the same page: Understanding the impact of exploited vulnerabilities requires business and security leaders to work in conjunction with each other. Security needs to understand the larger mission of the organisation and safeguard the tools and assets that enable staff to complete business-critical activity, while also ensuring important data is safeguarded.

Basic cyber hygiene: The vast majority of data breaches today are not sophisticated to the trained eye. In fact, the majority are due to known but unpatched flaws in applications and hardware. One example is Zerologon — it was initially fixed in August 2020 but, by the end of the year, featured in several government alerts and had been adopted by threat actors of various motivations and capabilities. By maintaining regular patching cycles, developing plans to address out-of-band patches and performing regular backups, the vast majority of threats can be neutralised.

Trust is earned: With many users working outside the physical perimeter, access management is critical. Attackers only need to compromise one machine to get access to Active Directory — a directory service developed by Microsoft for Windows domain networks that helps organise a company’s users, computers and more. Given that a network is not bound by physical location but that all remote employees are part of it, this would allow attackers to not only compromise the device, but the network too. The attacker could then leapfrog between accounts until they get administrative control, allowing them to pose as legitimate IT users, authenticate using valid credentials, create new accounts, change user access controls, escalate permissions and move from on-premises to Azure Active Directory in the cloud — all without being detected because they appear to be legitimate, trusted users.

Cybersecurity has been on the agenda for a while, but recent events highlight how critical it is that it be addressed as a business imperative. As companies prepare to indefinitely support a hybrid environment, with employees that are both office based and remote depending on the day of the week, it’s crucial to align cybersecurity with business practice. Organisations must rethink how they define the risks they face, looking beyond software flaws and device compliance to achieve a holistic view of their dynamic and disparate environment.

________________________________________________________________________________

 

  1. A business-impacting cyberattack is one which results in one or more of the following outcomes: loss of customer, employee, or other confidential data; interruption of day-to-day operations; ransomware payout; financial loss or theft; and/or theft of intellectual property.

 
