NGS INSIGHT – REMOTE WORKING CYBER RISK


July 6, 2020

Introduction

 

Cybersecurity is a crucial component of industry, requiring heavy investment to reduce the attack surface and thereby strengthen a company’s defensive posture.

 

If we use the poacher / gamekeeper metaphor, we might acknowledge that having the best gamekeeper will deter many poachers. However, there will always be some who are prepared to take a big risk for the best reward. So, if a company puts all its nice juicy deer in one open field, are they not asking for trouble?

 

To protect against this, many companies will secure the perimeter with walls, wire, alarms and guards, possibly separating the deer into segmented structures within the field. But motivated poachers will still be able to steal away food for their table. Most gamekeepers want the most impregnable perimeter money can buy, accessible by only one very secure door, with a finite number of keys.

 

 

 

Remote Working Risk Landscape

 

Covid-19 has necessitated a mass distribution of keys to that single door, to allow remote workers in almost every company to continue working. Remote workers need to access company information from their own devices, and some companies may need to introduce more secure doors to the perimeter to allow greater access to the network.

 

The more devices connected to a network, the larger its attack surface. The larger the attack surface, the easier it is for hackers to infiltrate the network. This means that each separate device becomes a gateway that hackers can exploit to explore vulnerabilities for their own gains.

 

 

 

COVID-19 Business Continuity

 

Before Covid-19, remote-working employees would have had official security programmes on their company laptops, with dual or multifactor authentication mechanisms for connecting to VPNs, with mandated patching and software update protocols in place to ensure secure access to confidential company information.

 

However, most remote working plans were expanded exponentially to include many more employees in a last minute rush to secure business continuity. Many remote workers are now likely to be accessing company networks from domestic computers via unsecured home Internet connections. To make matters worse, many home computers are already infected with malware that is designed to lie dormant until activated. The resultant vulnerabilities present malcontents with easy access to the keys for the cybersecurity door and innumerable options to exploit.Hackers only need access through one entry point to seize control of an entire network. Once in, they can steal company secrets, alter data, or even lock down the whole network.

 

Additional vulnerabilities are likely to have been exposed by the issue of remote working, vulnerabilities for which many companies may be unprepared. Firstly, a business continuity plan that exposes a larger attack surface (by home working on domestic computers) to an increased number of threats must also consider data breach management and internal monitoring of a workforce’s personal computers, many of which may not be owned by the company,  nor contain auditable evidence of security updates.

 

Secondly, a company’s rapid change to temporary remote working must not allow protocols and operations to step outside formal business continuity and cybersecurity policies. Companies that do not monitor this carefully will risk invalidating company liabilities, cyber insurance policies, data protection plans and hard-won ISO accreditations.

 

 

 

Cybersecurity

 

Two recent insurance industry cyber risk surveys are worthy of note. One found that a majority of board members and senior executives who were responsible for their organisation’s cyber risk management, had less than one day in the last year to focus on cyber risk issues, despite concern over cyber threats being at an all-time high.

 

The other survey of senior executives found that nearly 80% of organisations now rank cyber risk as a top five concern, with only 11% expressing a high degree of confidence in their ability to assess cyber threats, prevent cyber-attacks and respond effectively. (Both polls were taken before Covid-19 hit).

 

The cybersecurity industry is brimming with statistics about the risk before and after Covid-19 and what the threat landscape is like now. One popular belief is that the world’s biggest cyber-attack will piggyback post-pandemic measures and will happen within the next six months.

 

In this very fertile risk landscape, prudent crisis management teams should take action now, to ensure they can protect themselves against a malware cyber-attack and all its resultant resolutions (whether indemnified or not) – or buy stock in a cyber security company*.

 

*Some cyber stocks jumped 30% in the six weeks after the Iranians cyber superpower vowed to take revenge through the US digital network after Major General Qasem Soleimani was killed at the BIAP in January’s drone strike.

Back to news +

Related News

Ukraine War: US Support Teetering and its Global Consequences

April 8, 2024

Western support has been vital in Ukraine’s fight against Russia. Yet, this support has shown increased strain, raising stark questions about Ukraine’s sovereignty. NGS Associate Analyst, Jason Cooper, explores the consequences of rising US isolationism, which threatens numerous operational concerns from further territorial revisionism to  supply chain disruption.   Introduction   Since Russia’s war with […]

Read More +

NGS TRAVELLER INSIGHT – UNREST IN PERU

September 15, 2023

Peru has been engulfed by violent clashes in recent months between protestors and the pro-government military resulting in the deaths of over 60 civilians. With recent polling suggesting 82% of Peruvians disapprove of the current government’s leadership, NGS Associate Analyst, Harry Sparke, examines the nature and motivations of the protests.   Introduction   Peru’s young […]

Read More +

ELECTIONS IN ECUADOR – WILL IT IMPROVE RAMPANT INSECURITY?

August 18, 2023

Ecuador has been engulfed by an enduring wave of violent crime which has turned a nation once known as an “island of peace” into one of the most violent countries in Latin America. The label was brought into focus on 09 August, when presidential candidate, Fernando Villavicencio, was assassinated. Ahead of elections on 20 August, […]

Read More +

NGS TRAVELLER INSIGHT – DIPLOMATIC REPERCUSSIONS OF THE NIGER COUP

August 1, 2023

The coup in Niger last week was the 13th attempted coup in Africa since 2020, bringing concerns of fresh instability to an already troubled region. Here, NGS Risk Analyst Jason Davies considers what the international reaction to the coup will mean for international travellers to Niger, and suggests some security measures.   Introduction   On […]

Read More +