The global coronavirus pandemic has added an enormous strain on employees’ ability to work remotely. In many cases, the ease with which workers usually connect to the data and resources they need via mobile, laptop or otherwise has slowed as consumption of remote services has increased. Productivity and efficiency challenges aside, attitudes towards working from home may drastically change due to the impact of Covid-19.
Global governments and businesses continue to discuss the safest way to return to work. In the interim, employers and employees are having to navigate a fresh threat – nefarious actors that are using Covid-19 to their own benefit. Research tells us that cyber-attacks increased by 30% in early May compared to previous weeks, with criminals impersonating global organisations such as the United Nations and even the World Health Organisation (WHO) to trick users into clicking on links or opening infected documents.
This ‘new normal’ under Covid-19 conditions presents challenges for organisations, and in particular CISOs, in terms of managing risk. As we slowly edge towards a post-Covid-19 world, it is up to businesses to safeguard employees from these threats by ensuring they have robust remote working policies.
Suspicious behaviour difficult to monitor
Remote working by definition takes place outside the confines of the corporate workplace. Users’ baseline working patterns are potentially different, and this presents a new challenge for enterprise threat analysts. Many employees are juggling childcare, homeschooling and their day job, and working patterns have inevitably been disrupted. If logging in to complete some work later at night is an option for users, then security teams need to be aware that in some cases this could be the ‘new normal’ when analysing suspicious behaviour. This will allow them to monitor and potentially reset the baseline of what is considered to be normal access behaviour.
Restricting employees’ flexible access patterns while they are trying to work remotely is counterproductive. Instead, organisations need to consider how to monitor behaviour in a way that can compensate for unusual but legitimate remote access situations. User and Entity Behaviour Analytics (UEBA) tools provide enhanced visibility and reporting of user behaviour. These tools also deliver contextual awareness that threat analysts can use to establish whether behaviour is suspicious, freeing up time and resources to deal with the real threats quickly and effectively.
Attackers exploit mobile device usage
Secure access to files and data anywhere, anytime and on any device has never been more important. According to research, users are more likely to respond to phishing emails on a mobile device. This is possibly due to the limited device screen size, as this could make it harder to spot the tell-tale warning signs of a phishing email. This could also be due to behavioural attitudes, where users tend to use mobile devices on-the-go to check and respond to emails.
Phishing and smishing (phishing via SMS) attacks also tend to exploit users’ trust in native and commercial social networking apps. In light of current global events, an increasing number of cyber campaigns are being launched through SMS and consumer apps, like WhatsApp, to exploit the fears of vulnerable mobile users who are anxious for more information about the coronavirus outbreak.
As mobile users can have multiple email accounts on one device, any oversight of phishing attacks on personal email accounts could adversely impact work networks if the enterprise device gets compromised. Whilst this isn’t a new issue for CISOs, the targeting of remote users with Covid-19 based threats does require enhanced vigilance and awareness reminders for users.
Since the risk with social engineering lies primarily with the people using mobile devices, the solution is clear and rigorous education around mobile device usage policies, with clear guidelines on the acceptable use of consumer applications and personal email accounts on corporate and BYOD resources.
Preparing for new cyber-threats in a new world
There’s no doubt that enabling remote access to corporate resources while safeguarding the integrity of organisational systems is a tough balancing act for many organisations. However, by leveraging intelligent mobility management tools, analytics and insights that are available today, enterprise IT and security teams are better equipped to provide employees with a secure remote access model. A balance can be achieved where the employee mobile working experience is optimised, productivity is maintained and the strain on organisational IT resources is contained.
It is difficult to envisage what the world will look like after the full impact of coronavirus has been assessed. However, it’s safe to assume that attitudes towards remote working will change. Employees will expect to be able to work from home more frequently. Enhanced security and robust access to work files and data will be essential to this.
Even with the uncertainty that Covid-19 brings to all businesses, managing risk, combating cyber security threats and adapting to the ‘new normal’ of remote working will be critical to cyber security success and therefore a functioning business.
Written by Fiona Boyd, Head of Enterprise & Cyber Security at Fujitsu EMEIA.