Business Daily Media

Remote workers are now a big cyber threat: What can your business do?

  • Written by Scott McKinnel, ANZ Country Manager, Tenable

Australian businesses are at a crossroads. As much of the country starts to re-open, business leaders must consider the lessons learnt from having a fully remote team and how this will impact their future workforce strategy. 

Although lockdowns are easing, it doesn’t mean we’ll be waving goodbye to remote work anytime soon. A recent study, conducted by Forrester Consulting, on behalf of Tenable, found that 77 per cent of Australian businesses plan to have employees working from home at least once a week in the next 12-24 months while 59 per cent plan to make remote work permanent in the next one to two years. 

While a hybrid work approach is evidently the future, the research also uncovered a more alarming finding. Amid the work from home transition, 73 per cent of Australian organisations were victims of cyberattacks targeting remote workers over the past 12 months. This finding highlights that remote workers are now one of the biggest risks facing Australian businesses in the new world of work. 

As organisations shift out of crisis mode and adjust to a new world of work that combines in-office and remote work models, security leaders must understand where they are at risk in order to maintain security in these highly dynamic and disparate environments. 

Tackling COVID-19 related threats 

The pandemic opened the door for multiple forms of attack and has provided cybercriminals with plenty of fodder to target everyday Australians and businesses alike. New statistics from the Australian Cyber Security Centre found that a cybercrime is now reported every eight minutes in Australia and there’s been a 13 per cent increase in incidents during the past financial year. 

With employees no longer confined to the corporate network where there are static sets of managed devices, security policies and technologies, threats have skyrocketed. The same study by Forrester Consulting highlighted that globally, 43 per cent believe their organisation experienced COVID-19-related malware or phishing attacks over the past year, making it the number one mode of compromise. Other common means of attack included fraud, data breaches, ransomware, software vulnerabilities, malicious insider compromises, and the theft of intellectual property.

However, much of these attacks are the result of poor basic cyber hygiene, giving cybercriminals an easy way in. But it isn’t all down to employees - business leaders need to realise that cyber risk is just as important as any other business risk - be it reputational, financial or legal. Once cyber risk becomes a business priority, greater awareness surrounding cyber hygiene becomes a natural next step. 

Greater visibility into the network

The home network is now the corporate network. Where once there were clear boundaries between home and work, this is no longer the case. 

The same study found that roughly nine in 10 remote workers connected six or more devices to their home network, including employer-provisioned devices, personal devices, appliances, wearables and gaming systems. Further complicating matters, many remote workers accessed financial records (43 per cent) and customer data (51 per cent) from a personal device, often with little guidance on how to ensure data was protected. 

With so many additional devices being connected to the business network, having visibility over this can be a real challenge. In fact, two in five security leaders say they lacked visibility into remote employee home networks and their connected devices. And just 29 per cent felt they have enough staff to adequately monitor the attack surface.

Re-evaluate cybersecurity strategies

Given the propensity of attacks targeting remote workers in Australia, security teams can no longer rely on strategies rooted in a “trust but verify” approach. Staying obstinately on this path only leaves organisations’ network, data, and systems vulnerable to both external attackers penetrating the perimeter and to malicious insiders in positions of “trust.” 

Instead, organisations must adopt a zero-trust model where no one is trusted and everything must be validated. It’s built upon cyber best practices and sound cyber hygiene, such as vulnerability management, proactive patching and continuous monitoring. Identifying each and every user in the network provides full visibility into the attack surface including IT, OT and IoT. Once security teams know how data flows within the organisation, identifying critical assets that need to be secured becomes easier. Limiting access to these assets reduces the attack pathways and allows ease in monitoring the attack surface, identifying end-point vulnerabilities and patching them regularly. 

Let’s face it, work is never going back to the way it was pre-pandemic, at least for the foreseeable future. Organisations must adjust accordingly and not stick to perimeter-based methods to keep themselves secure. 

Business Daily Media Business Development

The cost-of-living crisis will put more pressure on shoppers than COVID

Shutterstock/Zivica KerkezCOVID drastically changed shopping habits. Lockdowns, isolation and illness led variously to panic buying, a surge in online deliveries, and some impulse purchases...

Kokho Jason Sit, Senior Lecturer in Marketing, University of Portsmouth - avatar Kokho Jason Sit, Senior Lecturer in Marketing, University of Portsmouth

Firms are cutting sick pay for the unvaccinated – what does employment law say?

baranq / ShutterstockA person’s COVID-19 vaccination status is increasingly determining which events they can attend, where they can travel and where they can work. Vaccines influence ...

Lisa Rodgers, Associate professor, labour law, University of Leicester - avatar Lisa Rodgers, Associate professor, labour law, University of Leicester

Is your tech stack protecting you from potential cybercrime?

There has been a big focus on the rapid adoption of hybrid work, and with many Australians making the gradual return to the office, it has become an increasingly preferred way of work. C...

Ellen Benaim, Chief Information Security Officer at Templafy - avatar Ellen Benaim, Chief Information Security Officer at Templafy

sports expert Q&A on what Djokovic row means for unvaccinated elite athletes

Tennis star Novak Djokovic looks to be out of the Australian Open after the country’s immigration minister, Alex Hawke, cancelled his visa “on the basis that it was in the public...

Keith Parry, Deputy Head Of Department in Department of Sport & Event Management, Bournemouth University - avatar Keith Parry, Deputy Head Of Department in Department of Sport & Event Management, Bournemouth University

Inflation will probably melt away in 2022 – central banks will do far more harm trying to tackle it

It remains to be seen whether the omicron variant will shift Sars-CoV-2 towards becoming manageably endemic. But as and when this happens, there will still be “long COVID” to con...

Brigitte Granville, Professor of International Economics and Economic Policy, Queen Mary University of London - avatar Brigitte Granville, Professor of International Economics and Economic Policy, Queen Mary University of London

here's what UK government can do to cut household bills

According to the boss of the UK’s biggest energy supplier, Centrica, high gas and electricity prices could last for two years. With many already unnerved by the fact that the average U...

Lawrence Haar, Senior Lecturer in Finance, University of Brighton - avatar Lawrence Haar, Senior Lecturer in Finance, University of Brighton



NewsServices.com

Content & Technology Connecting Global Audiences

More Information - Less Opinion