COVID-19 boosts remote work, security concerns
With the instances of COVID-19 (coronavirus) cases increasing by the day, organisations in affected countries across the globe are instructing their employees to work remotely. However, offering this option without proper oversight or preparation, especially the presence of unsecured IoT devices in houses, is raising security concerns.
The National Cyber Security Centre (NCSC), UK, has issued a security advisory, urging those who use smart cameras and baby monitors in the home to take the steps necessary to protect their devices from cyber-criminals.
Financial data platform Sentieo detected 77 public company transcripts that mention “work from home” or “working from home” last month, up from just four mentions of the phrase in February 2019. Most of these documents also have the word coronavirus.
“With more people likely to work from home in the wake of the COVID-19 outbreak, now is the time for companies to review their security procedures related to remote access in office systems, to secure all endpoints and ensure that their connection to the corporate network is secure,” said David Emm, principal security researcher at Kaspersky.
“It has been well known for some time that a lot of smart devices are not secure. Back in 2018, the NCSC issued some guidance points for developers of IoT devices to follow, and it has been keen to promote these. The government has been discussing introducing legislation for smart devices to force vendors to consider security when designing smart devices,” Emm told SC Media UK.
Office and business environments also fall under the threat of IoT-hacking.
The use of IoT business platforms is growing year-on-year in almost all industries, with 61 percent of companies globally implemented IoT applications in 2019, said a report from Kaspersky.
Even though the technology offers savings, new income streams and increased production efficiency, 28 percent of organisations experience cyber-security incidents targeting connected devices, said the report.
The threat is booming by the day. There will be approximately 25 billion IoT connections by 2025, according to Gartner. A report by Gartner in 2017 said that by 2020, more than 25 percent of identified attacks in enterprises will involve the IoT.
The prospects of remote working in the wake of the pandemic has worsened the security situation, said Emm.
“If someone is working remotely, they are working on a network not directly controlled by their business. This is why it’s essential for companies to set up processes to enable staff to connect remotely to corporate systems securely,” he told SC Media UK.
“Businesses can help to protect their employees by ensuring anyone who connects to their network uses a VPN. They can also make sure the office and all endpoints are secure, patched, and up-to-date with cyber-security programs, and that the systems will only run authorised applications.”
Talking to SC Media UK, Kevin Brown, MD of BT Security noted how companies may find they do not have enough VPNs or tokens for all staff seeking to work securely from home and so they would need to prioritise what is critical - which services and which people are essential to keep things running.
Assessing the present situation for SC Media UK, SailPoint EMEA director Ben Bulpett wrote that working from home is not anywhere near as cyber-secure as being in an office. Preparation is required to ensure company systems are able to support a critical mass of staff suddenly working remotely, he wrote.
“Vendors who manufacture these IoT devices still have a long way to go to make their products fully secure and protect users from incidents like this,” observed Will LaSala, senior director of global solutions at OneSpan.
“Quick fixes in the way of SMS authentication are often added, but this simple protocol has been hacked previously in the banking industry and any other industry where it’s been deployed,” he added.
“The obvious first step is to use a decentralised password manager to create a unique password for each website or service you use. To ensure wider data privacy, you can build on this strong foundation by using a plethora of other tools that mask your IP address, warn you if you are being tracked on a website and encrypt your communications so they can’t be snooped on or hacked as you move towards digital independence,” commented Emmanuel Schalit, CEO Dashlane.
“Moreover, it is essential that governments require companies providing these IoT devices to implement a better security protocol than generic default passwords that most users are not required to change,” he added.
For those running critical infrastructure in the event of escalation, there may even be circumstances where certain teams need to be kept in isolation - demonstrating how physical and cyber-security can collide.
Industry: Cyber Security
- CONTRACT SIEM Cyber Security Operations Engineer. REMOTE
- United Kingdom
REFCH8165 CONTRACT SIEM Cyber Security Operations Engineer. REMOTE UK SIEM Engineer. 6 month Contract. Inside IR35 Working towards a "SOC 2" environment. CLOUD (AWS) experience essential. Three key functions; Monitor, Escalate and Triage incidents. Vulnerability Management / threat intel. SIEM configuration / management, review, enhancement More specifically; Work with internal teams to identify assets. Identity applicable threat feeds and work with internal teams to remediate. Patch Patch Patch. (Help mature process / identify gaps) Configuration / fine tuning of SIEM alerts. Create dashboards, Compliance reporting. Log ingestion. Experience across ISO27001 / SOC2 / SIEM / End Point Security is essential Contact me today for more information Chris.Holt@dclsearch.com Or 07884666351
- Cyber Security Operations Engineer. REMOTE UK. SOC2
- United Kingdom
REF8164 Cyber Security Operations Engineer. REMOTE UK Internal opportunity. New position. Exclusive to DCL Search. You will be the hands on technical eyes and ears of the Cyber security capability actively working to ensure and enhance the adherence to ISO27001 and "SOC 2" controls. You role will touch on the following · Security Monitoring- SIEM · Vulnerability Management / Testing · Incident Management · Asset management · Disaster Recovery planning · Change Management AWS Cloud experience is essential as is the ability to ensure patch management is prioritised across the business. Any CLOUD SIEM experience highly desirable. Contact me today for more information Chris.Holt@dclsearch.com Or 07884666351
- Lead Security Architect
- United Kingdom
Engage with key clients in an Architectural / technical presales capacity. Including Stakeholders, end users / partners. Working on new and existing Security projects to confirm that proposed solutions are fit for purpose from both a technical and regulatory capacity. Working closely with multiple vendor . Managed security service background ideal CLOUD Security (AZURE OR AWS), IDAM background ideal.
- Threat Vulnerability Management Analyst
- United Kingdom
To monitor, identify and alert internal teams of cyber threats and vulnerabilities. MIRE Att&ck, CIS, OWASP, Vulnerability management tools MUST be able to commute to central London MUST be able to achieve UK SC Clearance. On going support and development.