COVID-19 boosts remote work, security concerns
With the instances of COVID-19 (coronavirus) cases increasing by the day, organisations in affected countries across the globe are instructing their employees to work remotely. However, offering this option without proper oversight or preparation, especially the presence of unsecured IoT devices in houses, is raising security concerns.
The National Cyber Security Centre (NCSC), UK, has issued a security advisory, urging those who use smart cameras and baby monitors in the home to take the steps necessary to protect their devices from cyber-criminals.
Financial data platform Sentieo detected 77 public company transcripts that mention “work from home” or “working from home” last month, up from just four mentions of the phrase in February 2019. Most of these documents also have the word coronavirus.
“With more people likely to work from home in the wake of the COVID-19 outbreak, now is the time for companies to review their security procedures related to remote access in office systems, to secure all endpoints and ensure that their connection to the corporate network is secure,” said David Emm, principal security researcher at Kaspersky.
“It has been well known for some time that a lot of smart devices are not secure. Back in 2018, the NCSC issued some guidance points for developers of IoT devices to follow, and it has been keen to promote these. The government has been discussing introducing legislation for smart devices to force vendors to consider security when designing smart devices,” Emm told SC Media UK.
Office and business environments also fall under the threat of IoT-hacking.
The use of IoT business platforms is growing year-on-year in almost all industries, with 61 percent of companies globally implemented IoT applications in 2019, said a report from Kaspersky.
Even though the technology offers savings, new income streams and increased production efficiency, 28 percent of organisations experience cyber-security incidents targeting connected devices, said the report.
The threat is booming by the day. There will be approximately 25 billion IoT connections by 2025, according to Gartner. A report by Gartner in 2017 said that by 2020, more than 25 percent of identified attacks in enterprises will involve the IoT.
The prospects of remote working in the wake of the pandemic has worsened the security situation, said Emm.
“If someone is working remotely, they are working on a network not directly controlled by their business. This is why it’s essential for companies to set up processes to enable staff to connect remotely to corporate systems securely,” he told SC Media UK.
“Businesses can help to protect their employees by ensuring anyone who connects to their network uses a VPN. They can also make sure the office and all endpoints are secure, patched, and up-to-date with cyber-security programs, and that the systems will only run authorised applications.”
Talking to SC Media UK, Kevin Brown, MD of BT Security noted how companies may find they do not have enough VPNs or tokens for all staff seeking to work securely from home and so they would need to prioritise what is critical - which services and which people are essential to keep things running.
Assessing the present situation for SC Media UK, SailPoint EMEA director Ben Bulpett wrote that working from home is not anywhere near as cyber-secure as being in an office. Preparation is required to ensure company systems are able to support a critical mass of staff suddenly working remotely, he wrote.
“Vendors who manufacture these IoT devices still have a long way to go to make their products fully secure and protect users from incidents like this,” observed Will LaSala, senior director of global solutions at OneSpan.
“Quick fixes in the way of SMS authentication are often added, but this simple protocol has been hacked previously in the banking industry and any other industry where it’s been deployed,” he added.
“The obvious first step is to use a decentralised password manager to create a unique password for each website or service you use. To ensure wider data privacy, you can build on this strong foundation by using a plethora of other tools that mask your IP address, warn you if you are being tracked on a website and encrypt your communications so they can’t be snooped on or hacked as you move towards digital independence,” commented Emmanuel Schalit, CEO Dashlane.
“Moreover, it is essential that governments require companies providing these IoT devices to implement a better security protocol than generic default passwords that most users are not required to change,” he added.
For those running critical infrastructure in the event of escalation, there may even be circumstances where certain teams need to be kept in isolation - demonstrating how physical and cyber-security can collide.
Industry: Cyber Security
- IAM Consultant- OKTA
- upto €90,000 plus benefits
I am looking for an experienced IAM process Manager to help drive forward a series of IAM implementation for a global Manufacturing business, Ideally you will be skilled with Okta and have knowledge of PAM Solutions, You will be responsible for: Driving the design and continuous improvement of complex IAM solutions in close collaboration with business partners Consult on the optimisation of IAM processes and design proper IT-based solutions to meet availability and quality targets Define technical specifications for SW-development (standards, design patterns, test cases, scenarios) and manage the life cycle of designed solutions Actively scan for relevant innovations and new technologies to identify further potential for improving IAM solutions and processes using OKTA Analyse new features of the regular Okta releases We are looking for someone with strong IAM experience as an Architect, Analyst, Technical Engineer, or similar role in the Identity and Security domain Experience with relevant certifications in development/administration, design and configuration of the Okta IAM platforms Familiar with LCM - joiners, movers, leavers, application federation - SAML, OIDC, SCIM and many other IAM terms Good mix of competences in IAM business process and project management concepts and tools e.g., ServiceNow, Jira, PRINCE2, SCRUM (agile)
- SAP Security Consultant
- upto €70,000 plus benefits
I am looking for an experienced SAP Security Consultant. The ideal candidate will have a strong understanding of SAP security concepts and be able to apply them to real-world scenarios. ideally you will also have experience with Securitybridge or Onapsis, or a similar SAP security tool. Your responsibilities will include: Reviewing and auditing SAP security settings and controls Identifying and remediating security vulnerabilities Implementing security best practices Educating users on SAP security Experience experience in SAP security Experience with Securitybridge or Onapsis, or a similar SAP security tool would be very advantageous Strong understanding of SAP security concepts Excellent problem-solving and analytical skills Excellent communication and presentation skills Fluent in French & English
- Post Grad MSc Cyber security - Junior Cyber Risk Analyst wanted. UK
- United Kingdom
- Entry role
The perfect start to your new Cyber Security Career. Post Graduate Cyber Risk Analyst Wanted. Are you are fresh from earning your Cyber Security MSc and eager to start your career in Cyber Security? We are looking for a recent post graduate to join a forward thinking Cyber Security Consultancy for the ideal entry role into Cyber Security. Whilst employed industry experience is not expected, as full training and support will be provided, a history of recent education in Cyber Security / Cyber Risk is essential. We are looking for someone with an inquisitive mind, who is confident to ask the right questions and who isn't afraid to challenge the status quo. Superb communication skills are a must (in person, written and verbal) This is a UK based role that is remote first with monthly travel (1-2 a month) to meet with the team and in time to meet clients. If you aren’t available to travel this isn’t the opportunity. We are unable to provide VISA sponsorship as there will be a requirement to achieve Security clearance If you're adaptable, open to fresh perspectives, and excited to be part of a forward-thinking team and looking for an opportunity to help make a difference in a Cyber consulting role, this opportunity is for you. For more information apply here……
- Microsoft Exchange Contractor | London | OUTSIDE IR35 | SC Cleared
- OUTSIDE IR35
Microsoft Exchange Contractor | London | OUTSIDE IR35 | SC Cleared • We require someone that has experience of migration exchange from windows server 2012 to 2019. • In depth understand of On-Prem exchange server management and deployment. • Experience migrating On-Prem exchange servers from 2012 upwards. • Secure Email Gateway experience essential Due to the nature of the requirement the individual must be commutable to London 2-3 days a week.