Has the move to remote working left UK systems more vulnerable? (Guest blog by CyberHive)
Last year, the UK government set out its national cyber security strategy, which aims to build on the country's strengths in technology and innovation. The strategy highlights the importance of cyber security in ensuring national security and safety, but also in supporting economic growth and prosperity.
In fact, cyber security is set to become a major focus for the UK's national security, and this is great news, particularly as more breaches, attacks and disruption have made the news recently. For example, The Guardian announced that it suffered a ransomware attack in December 2022, in which personal data from UK staff members was accessed.
And last week the Royal Mail asked people to stop sending parcels and letters abroad due to a Russian-linked ransomware attack causing them severe disruption. This attack is highly damaging, as the Royal Mail is deemed "critical national infrastructure" - that is, it is critical to the UK economy. The repercussions will take a long time to recover from, as the fallout will be far-reaching.
According to the Cyber Security Breaches Survey 2022, two in five UK businesses reported cyber security breaches or attacks in the previous 12 months.
It’s an epidemic. The need for upscaling cyber security locally, as well as nationally, is becoming more imperative. The days of relying on just anti-virus software and firewalls are over.
The UK can keep ahead of the game by developing new intelligence and security capabilities. New innovative technologies are required, as current methods are proving to be outdated and often facilitate the compromises that they are trying to prevent.
Companies sometimes struggle to invest effectively in the right solutions, as they are constrained by their existing systems and processes. The move towards remote working has increased their risk, making them more vulnerable to cyber attacks. In part, this is due to remote workers using more devices from a wider range of locations.
Employers had to adapt quickly to the Covid-19 pandemic and enable their workforce to keep their businesses operational. The immense requirement to pivot IT infrastructure and connectivity rapidly will no doubt have led to shortcuts and allowances being made, forsaking some cyber security hygiene best practice.
The Mobile Security Index 2021 reported that 40% of companies see mobile devices as their biggest security risk, and over three-quarters had come under pressure to sacrifice mobile device security to help meet deadlines and other business goals.
IT teams are continuing to enhance their wider networks, in a bid to improve performance, tighten up cyber security and eliminate vulnerabilities. They should also be aware that there has been a noticeable increase in incidents of hacking into home networks, to compromise devices with access to company systems.
So what can you do now?
If you are planning to update your model for remote working, it is essential that you and your team have the knowledge and tools needed. The cyber security landscape is changing rapidly, so it has never been more important to keep up to date with the latest methods of cyber protection.
Firstly, now is the time to implement solutions designed to allow only “known good” activity to occur. Criminal gangs are very well financed and focused on attacking your systems, and you will never be able to keep ahead of their attack methods with a strategy of just responding to their bad actions. Instead, an approach of employing zero trust network access (ZTNA) allows you to implement role, location, or device-specific access control policies. These policies can also be extended to prevent any unpatched or vulnerable devices from connecting to your valuable systems. Many solutions will also make it harder for attackers to identify your internet traffic, as they can shield IP addresses, making it harder to find an easy access point.
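The default-deny decision described above can be sketched as follows. This is an added example, not CyberHive's code or any product's API; the roles, resources, country codes and patch-level numbers are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One "known good" combination; anything matching no rule is denied."""
    role: str
    resource: str
    countries: frozenset      # locations the role may connect from
    min_patch_level: int      # oldest acceptable patch build (constructed YYYYMM)
    managed_only: bool        # require a company-managed device

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    resource: str
    country: str
    device_managed: bool
    patch_level: int

# Constructed sample policy (hypothetical roles and resources).
POLICY = [
    Rule("finance", "payroll-db", frozenset({"GB"}), 202301, True),
    Rule("engineer", "git", frozenset({"GB", "IE"}), 202212, False),
]

def decide(req, policy=POLICY):
    """Return (allowed, reason). Access is granted only on a full rule match."""
    reasons = []
    for rule in policy:
        if (rule.role, rule.resource) != (req.role, req.resource):
            continue
        if req.country not in rule.countries:
            reasons.append("location not permitted")
        elif rule.managed_only and not req.device_managed:
            reasons.append("unmanaged device")
        elif req.patch_level < rule.min_patch_level:
            reasons.append("device below required patch level")
        else:
            return True, "matched known-good rule"
    # Default deny: no rule matched in full.
    return False, (reasons[0] if reasons else "no rule for this role and resource")

if __name__ == "__main__":
    # Constructed requests: one compliant, one from an unpatched device.
    for r in (Request("alice", "finance", "payroll-db", "GB", True, 202301),
              Request("alice", "finance", "payroll-db", "GB", True, 202211)):
        print(r.user, r.resource, decide(r))
```
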
Secondly, adopt the principle of ‘assumed compromise’, which is referenced under the Telecommunications (Security) Act 2021. Providers should assume that network functions are subject to high-end attacks (detected or undetected), and implement practices which make it difficult for an attacker to maintain covert access to business functions. This can be easily achieved by implementing a trusted boot solution, which periodically rebuilds the system, restoring it to a ‘known good’ state. So, in theory, any compromise or code that has infected the system would have little time to infiltrate and inflict further damage before it is removed.
In summary, the move to remote working was an incredibly positive step for many businesses, but from the security point of view, it is also making them more vulnerable to attack by cyber criminals. While protecting our communication systems and data centres, we also need to think about how our employees are accessing and using the technology that drives the business. Failing to overcome these challenges of access and security will give the criminal gangs an easy time making money from our misfortune – which could have devastating consequences for many people around the world.