A recent survey by Forbes found that 63% of respondents worked remotely or in a hybrid model, showing that even years after the COVID-19 pandemic, hybrid working remains the norm. The importance of securing employees and the systems they access, whether they are working in the office or remotely, cannot be overstated.
Remote and Hybrid Working in the UK: Before and After the Pandemic
According to a report by the Wales Institute of Social and Economic Research and Data (WISERD), just 4.7% of UK employees worked from home in 2019, prior to the COVID-19 pandemic. However, by April 2020, 46.6% of employees did at least part of their job from home, and in 2022 a quarter of all UK employees worked in hybrid arrangements and 13% were working fully remotely.
The speed and scale at which the pandemic shifted a significant portion of the UK's workforce to hybrid/remote working goes a long way to explaining the sharp increase in cyber threats and incidents that followed, and the challenges that businesses and organisations have had to address in order to adapt. [source: ONS]
Cyber Threats and Risk Implications for Hybrid Working
Cyber attacks Up 238% Since the Pandemic
According to a study by Alliance Virtual Offices, the frequency of cyber attacks has surged by 238% since the shift to widespread remote working, largely driven by vulnerabilities in home networks and personal devices. Remote work has also increased the cost of data breaches for companies by an average of £104,077 (converted from USD). Despite this, only 56% of remote employees receive regular cyber security training, increasing the risks for organisations operating in a more digital environment. [source: Yahoo Finance]
BYOD and Home Networks Expand Attack Surface
Research from Lookout found that 32% of remote workers use apps not approved by their company’s IT department, and 90% access corporate networks from multiple locations, including coffee shops and public Wi-Fi, which increases cyber risk. This can also increase exposure to threats like phishing and malware attacks, especially as 46% of employees save work files on personal devices. [source: IT Security Guru]
Common Attack Vectors – An increase in RDP Abuse
With so many organisations migrating to remote/hybrid working models, threat actors have turned their sights to exploiting remote/virtual desktop technologies as a means of bypassing the external defensive perimeter and gaining a foothold on the internal network.
Remote Desktop Protocol (RDP) is a common method for establishing remote access to Windows systems. A recent report by Sophos found that cyber criminals abused RDP in 90% of attacks. This was the highest incidence of RDP abuse since Sophos began releasing its Active Adversary reports in 2021, covering data from 2020.
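Because RDP abuse shows up in the Windows Security log long before an attacker reaches anything valuable, the practical defensive response to the statistic above is to watch for it. The script below is an added example (not code from the article or from Sophos) that flags two patterns in Windows logon events: a burst of failed RDP logons from one source address (password guessing), and a successful RDP logon from outside the organisation's own address ranges. It assumes the events have already been exported from the Security log into simple records with the fields shown; the sample events, the address ranges in INTERNAL_NETS and the threshold are constructed for illustration. Event IDs 4624/4625 and logon type 10 (RemoteInteractive) are the real Windows values.

```python
"""Flag suspicious RDP activity in exported Windows Security log events.

Added example for illustration. Event IDs 4624 (successful logon), 4625 (failed
logon) and logon type 10 (RemoteInteractive, i.e. RDP) are the real Windows
values; everything else here (sample events, internal ranges, threshold) is
constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

EVENT_LOGON_OK = 4624
EVENT_LOGON_FAIL = 4625
RDP_LOGON_TYPE = 10

# Address ranges the organisation treats as internal (RFC 1918; constructed policy).
# An explicit list is used rather than ipaddress.is_private so that the decision
# reflects the organisation's own ranges, not a library default.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample events, as they might look after export from the Security log.
SAMPLE_EVENTS = [
    # A burst of failed RDP logons from one external address (password guessing pattern) ...
    {"time": "2024-03-01T08:02:10", "event_id": 4625, "logon_type": 10, "account": "administrator", "src_ip": "203.0.113.45"},
    {"time": "2024-03-01T08:02:14", "event_id": 4625, "logon_type": 10, "account": "administrator", "src_ip": "203.0.113.45"},
    {"time": "2024-03-01T08:02:19", "event_id": 4625, "logon_type": 10, "account": "admin", "src_ip": "203.0.113.45"},
    {"time": "2024-03-01T08:02:25", "event_id": 4625, "logon_type": 10, "account": "jsmith", "src_ip": "203.0.113.45"},
    {"time": "2024-03-01T08:02:31", "event_id": 4625, "logon_type": 10, "account": "jsmith", "src_ip": "203.0.113.45"},
    {"time": "2024-03-01T08:02:40", "event_id": 4625, "logon_type": 10, "account": "jsmith", "src_ip": "203.0.113.45"},
    # ... followed by a successful RDP logon from the same external address.
    {"time": "2024-03-01T08:03:02", "event_id": 4624, "logon_type": 10, "account": "jsmith", "src_ip": "203.0.113.45"},
    # Routine RDP session from the internal network: not flagged.
    {"time": "2024-03-01T09:15:00", "event_id": 4624, "logon_type": 10, "account": "helpdesk1", "src_ip": "10.0.0.12"},
    # Network logon (type 3, e.g. a file share), not RDP: not flagged.
    {"time": "2024-03-01T09:20:00", "event_id": 4624, "logon_type": 3, "account": "svc_backup", "src_ip": "198.51.100.7"},
    # Two mistyped passwords from an internal workstation: below the threshold.
    {"time": "2024-03-01T10:00:00", "event_id": 4625, "logon_type": 10, "account": "bjones", "src_ip": "10.0.0.33"},
    {"time": "2024-03-01T10:00:20", "event_id": 4625, "logon_type": 10, "account": "bjones", "src_ip": "10.0.0.33"},
]


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the organisation's internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def external_rdp_logons(events):
    """Successful RDP (type 10) logons whose source address is not internal."""
    return [
        e for e in events
        if e["event_id"] == EVENT_LOGON_OK
        and e["logon_type"] == RDP_LOGON_TYPE
        and not is_internal(e["src_ip"])
    ]


def rdp_bruteforce_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Map src_ip -> peak number of failed RDP logons inside any `window`,
    for sources that reach `threshold` (sliding window over sorted timestamps)."""
    failures = defaultdict(list)
    for e in events:
        if e["event_id"] == EVENT_LOGON_FAIL and e["logon_type"] == RDP_LOGON_TYPE:
            failures[e["src_ip"]].append(datetime.fromisoformat(e["time"]))
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        peak = 0
        for i, start in enumerate(times):
            in_window = sum(1 for t in times[i:] if t - start <= window)
            peak = max(peak, in_window)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def analyse(events, threshold=5):
    """Human-readable findings; a success that follows a failure burst is called out."""
    brute = rdp_bruteforce_sources(events, threshold)
    findings = [f"{ip}: {n} failed RDP logons within the window (possible password guessing)"
                for ip, n in brute.items()]
    for e in external_rdp_logons(events):
        suffix = " after a burst of failures" if e["src_ip"] in brute else ""
        findings.append(f"{e['src_ip']}: successful RDP logon as {e['account']}{suffix}")
    return findings


if __name__ == "__main__":
    for line in analyse(SAMPLE_EVENTS):
        print(line)
```

On the sample data the script reports the external source both for the six-failure burst and for the successful logon that follows it, while the internal RDP session, the type 3 network logon and the two internal failures produce nothing. In a real deployment the same two rules are the ones to send to a SIEM or MDR provider; exposing RDP directly to the internet should not be necessary at all if access goes through a VPN or gateway with MFA.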
Remote Work Security Gaps
Cyber security experts also warn that hybrid work models expose companies to new risks. Remote workers who use unsecured personal devices and networks are a target for cyber criminals, who increasingly target collaboration apps like Slack and Teams to launch social engineering attacks. With the introduction of faster 5G networks, attacks on mobile devices are also expected to rise, as noted by UpGuard.
Best Practices and Recommendations for Securing Remote/Hybrid Working Environments
The evolution of digital security is now at a pivotal point. The old models, based on clear boundaries between “inside” and “outside,” no longer hold. IT and InfoSec teams now have to contend with much greater digital attack surfaces, endpoint and firmware management challenges and company-wide adherence to remote/hybrid working policies.
A 2023 Forrester study found that remote and hybrid working models have magnified IT operational challenges for 75% of participating organisations. Below are some best practices and essentials for secure remote/hybrid working models:
Implement Strong Access Controls
Organisations must ensure that only authorised users can access corporate systems. This includes multi-factor authentication (MFA) and device authentication, which requires pre-registering devices before allowing network access. Zero-trust security models that continuously verify user identities and devices are also highly recommended for hybrid environments (Security Boulevard).
Adopt Zero Trust Architecture
Zero Trust is an architectural approach in which inherent trust in the network is removed, the network is assumed hostile, and each request is verified against an access policy. It applies a "never trust, always verify" approach to network security: every request, whether it originates inside or outside the network, must pass continuous authentication and least-privilege checks before access is granted. This significantly reduces the lateral movement available to a threat actor and improves security across cloud, on-premises and hybrid environments. NIST has published further guidance on Zero Trust Architecture.
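The two sections above (strong access controls and Zero Trust) both come down to the same thing: a per-request decision that checks the user's MFA proof, the device's registration and health, and the role's entitlement to the specific resource, with no shortcut for callers who happen to be on the office network. The following is an added example of such a decision function, not code from the article, NIST, or any product; the policy table, device attributes, user sessions and patch-age limit are constructed for illustration.

```python
"""Zero Trust style per-request access decision (added example; all policy
values, devices and sessions are constructed for illustration)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class Device:
    device_id: str
    registered: bool        # pre-registered with the organisation (device authentication)
    disk_encrypted: bool
    patch_age_days: int     # days since the device last applied updates


@dataclass
class Session:
    user: str
    roles: Tuple[str, ...]
    mfa_verified_at: Optional[datetime]   # None if the user never completed MFA
    device: Device
    source: str             # "office" or "remote": recorded for audit, never used to grant trust


# Per-resource policy: which roles may reach it (least privilege) and how fresh the
# MFA proof must be. More sensitive resources demand a more recent MFA step-up.
POLICY = {
    "wiki":       {"roles": {"staff", "hr", "finance"}, "max_mfa_age": timedelta(hours=12)},
    "hr-portal":  {"roles": {"hr"},                     "max_mfa_age": timedelta(hours=8)},
    "finance-db": {"roles": {"finance"},                "max_mfa_age": timedelta(minutes=30)},
}
MAX_PATCH_AGE_DAYS = 30   # constructed compliance limit


def evaluate(session: Session, resource: str, now: datetime) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Every check runs on every request, and the
    caller's network location never shortcuts the decision. Unknown resources
    are denied by default."""
    rule = POLICY.get(resource)
    if rule is None:
        return False, ["unknown resource: default deny"]
    reasons = []
    if session.mfa_verified_at is None or now - session.mfa_verified_at > rule["max_mfa_age"]:
        reasons.append("MFA missing or stale")
    dev = session.device
    if not dev.registered:
        reasons.append("device not registered")
    if not dev.disk_encrypted:
        reasons.append("device disk not encrypted")
    if dev.patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append("device patches out of date")
    if not set(session.roles) & rule["roles"]:
        reasons.append("role not permitted for resource")
    return (not reasons), (reasons or ["all checks passed"])


def run_scenarios(now: datetime = datetime(2024, 3, 1, 9, 0)):
    """Constructed scenarios showing that location does not change the outcome."""
    managed = Device("LAPTOP-0042", registered=True, disk_encrypted=True, patch_age_days=5)
    personal = Device("home-pc", registered=False, disk_encrypted=False, patch_age_days=120)
    hr_remote = Session("amy", ("staff", "hr"), now - timedelta(hours=1), managed, "remote")
    hr_office = Session("amy", ("staff", "hr"), now - timedelta(hours=1), managed, "office")
    fin_byod = Session("raj", ("staff", "finance"), now - timedelta(minutes=10), personal, "office")
    fin_ok = Session("raj", ("staff", "finance"), now - timedelta(minutes=10), managed, "remote")
    no_mfa = Session("lee", ("staff",), None, managed, "office")
    return {
        "hr user, remote, hr-portal": evaluate(hr_remote, "hr-portal", now),
        "hr user, office, finance-db": evaluate(hr_office, "finance-db", now),
        "finance user, personal device, finance-db": evaluate(fin_byod, "finance-db", now),
        "finance user, managed device, remote, finance-db": evaluate(fin_ok, "finance-db", now),
        "no MFA, office, wiki": evaluate(no_mfa, "wiki", now),
    }


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{'ALLOW' if ok else 'DENY':5} {name}: {'; '.join(why)}")
```

Note that the HR user on a managed laptop is allowed into the HR portal from home but refused the finance database from the office, for two independent reasons (the role is not entitled and the one-hour-old MFA proof is too stale for that resource), while the finance user is refused on an unregistered, unencrypted personal PC even though the account and MFA are fine. Returning every failed check rather than stopping at the first makes the decision auditable, which is what the "always verify" half of the slogan needs in practice.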
Develop and Enforce a BYOD Policy, Using Encryption and Backups
Clear policies for using personal devices for work must be established. They should cover security measures such as mandatory installation of security software, limits on personal use of company devices, and limits on how much corporate access is permitted from personal devices. This minimises the risk of unauthorised access and data leakage.
Encrypting all stored data on devices used for remote work adds an extra layer of protection in case of theft or unauthorised access. It’s also essential to back up important data regularly, ensuring it can be restored in the event of a cyber attack or system failure. Additionally, enabling remote wipe capabilities for lost or compromised devices ensures sensitive data can be erased quickly.
Use Secure Networks and Tools
Remote workers should avoid public Wi-Fi where possible due to its high vulnerability. Instead, they should rely on personal hotspots or secure VPNs, which encrypt data and protect it from potential attackers on unsecured networks. Similarly, using secure video conferencing platforms and company-approved email systems helps reduce the risk of unauthorised access to communications.
Regular Penetration Testing and Red Teaming
Penetration testing and Red Team exercises are crucial for identifying vulnerabilities across an organisation's external and corporate networks, applications and devices before attackers can exploit them. By conducting Targeted Attack Simulations (TAS) or Red Team exercises that simulate the exploitation of vulnerabilities or gaps in remote/hybrid working environments, companies can evaluate the overall security posture of their remote working infrastructure and focus resources on the weakest areas to improve their defences against such attack vectors.
Regular Software Updates and Endpoint Protection
Ensuring that all devices, including personal ones used for work (BYOD), have up-to-date antivirus and firewall protection is crucial.
Regularly updating and patching software, coupled with continuous vulnerability assessments, is vital for maintaining a secure infrastructure. Cyber security as a Service (CSaaS) solutions, such as CyberLab Control, can help companies manage vulnerabilities effectively without overburdening internal teams.
Phishing and Social Engineering Awareness Training
Employees are often the first line of defence against cyber threats. Regular training sessions on phishing, social engineering and secure data handling can significantly reduce the risk of human error leading to a security breach.
Managed Detection and Response (MDR)
Endpoint detection alone is no longer sufficient given today's digital threat landscape. Organisations must now employ an "always-on" threat detection and monitoring capability. However, qualified cyber security analysts and engineers are expensive to employ and retain and hard to come by, before even considering the continuously high cost of XDR and SIEM technologies. Running a 24/7 SOC (Security Operations Centre) in-house, with experienced analysts and security experts using state-of-the-art defensive technologies, is typically something only multinational conglomerates and banks can afford.
MDR services (Managed Detection and Response) provide continuous monitoring and analysis of an organisation’s entire estate, including endpoints, network traffic and activity logs. By outsourcing to experts, firms can ensure that threats are detected and mitigated in real-time, reducing the risk of a successful attack.