Will O'Brien: Not letting the guard down to internet threats as home working drags on

Organisations must work to mitigate increased cyber security risks as staff work remotely during the Covid-19 pandemic.

Many operational responses to the Covid-19 crisis have the potential to have a detrimental effect on an organisation’s cyber security.

Existing risks could be missed as security expenditure is cut, controls are relaxed, and IT changes are rushed through without the routine change protocols.

The transition to remote working for the majority of staff creates its own cyber-risks, with network access being requested from multiple locations.

We have already seen evidence that cyber attackers are exploiting the extraordinary response caused by Covid-19.

The criminal threat actor behind Emotet, which provides malware delivery services, began using Covid-19 phishing lures in January, while the crisis was still in its early stages.

Other actors have since followed suit, with hundreds of new Covid-19-themed phishing lures appearing every day.

We have identified criminal and state-sponsored campaigns exploiting the crisis, and in more recent days Interpol has warned that hospitals fighting Covid-19 are at risk of ransomware attacks.

We expect they will also use virtual private network and video conferencing software lures to take advantage of users unfamiliar with remote working.

There are key ways to mitigate cyber security risks, which include securing the organisation’s remote working practices.

Covid-19 has forced businesses to shift to remote working at scale and at pace.

The IT infrastructure and requirements of many businesses have changed, and so has the range of attack points for cyber criminals.

Making sure the right controls have been applied to new systems or tools to support employees with remote working is important, as is ensuring existing procedures and good practices are being maintained.

Businesses need to take a number of essential actions to ensure their cyber security while employees work from home.

Firms need to tell their staff that cyber attacks are more likely, and ask them to be aware of agreed remote working practices and to take responsibility for their connected activities.

They also need to advise users to use only approved solutions, and need to prevent them from using open-source or free cloud-based software unless it has been cleared by the company for use.

They need to ensure remote access systems are fully patched and securely configured, review crisis-based tactical actions, and implement security controls which may have been overlooked initially.

Firms must also ensure remote access systems are resilient enough to withstand distributed denial-of-service attacks, and should advise employees on safe habits when working from home. These include finding a secure place at home to work, ensuring that no one can read their screen or access their computer, and never leaving devices unlocked while dealing with a domestic matter.

They need to ensure they have adequate cover for any key dependencies within their cyber security teams.

In turn, this will mean maximising the use of automation to perform key cyber security activities.

Other issues include identifying and monitoring critical security activities and reviewing how key users are going to perform key tasks, as well as deploying asset tooling to ensure continued visibility as systems move away from the internal network.

As well as reinforcing the organisation’s security technology, businesses must remain alert for opportunistic threats.

A big part of this will involve providing employees with specific guidance on how to spot suspicious activity.

Organisations should also guard against the increased risk of insider threats, and warn finance teams of the increased risk of business email compromise attacks, which may attempt to exploit different or new ways of working, such as unauthorised requests for fraudulent electronic funds transfers.

Organisations should also guard against the increased risk of insider threats where third parties are performing key activities such as system administration and IT support.

Where possible, organisations should apply controls across their IT infrastructure that can track and monitor this type of activity.

Will O’Brien is director at the PwC Cyber Practice
