How has hybrid working changed the threat landscape and how can companies adapt?

Businesses around the world made a remarkable transition to hybrid working in the wake of the pandemic but at what cost?

In a wide-ranging Q&A, Paul Colwell, Chief Technology Officer at Wavenet, explores how information security has taken a back seat in the rush to adapt new ways of working.

Transitioning to remote working during the pandemic demanded quick adjustments and, in the rush, to keep businesses running, security measures were overlooked. Now that hybrid and wider remote working has become part of the everyday work regime, we need to repair the damage to maintain organisational resilience.

A significant challenge lies in the ability to identify an attack. As everyone is no longer in the office the boundaries of your business network have become ambiguous, making it much harder to distinguish between what is inside and outside the network.

Organisations need to adopt a new way of thinking, operate under the assumption that your network is going to be compromised and devise strategies for identifying, responding, and recovering from a breach.

The transition to remote working during the initial lockdown meant that workers were encouraged to connect remotely rather than through a limited and controlled onsite process. Uncontrolled and unsecure employee-owned devices were deployed by many organisations due to a lacking supply of laptops.

During these changes, security protocols were often neglected. Increased information sharing through tools like Dropbox meant that files were not safeguarded as they would have been in the past within a securely confined network.

In the rush to implement VPNs, the use of multi-factor authentication (MFA) was often overlooked or implemented incorrectly.

Network segmentation is an effective security measure and one practice in which we have observed a steady growth. Dividing up your internal network and introducing additional controls and protections on vital assets restricts movement across the network.

Restricting what software can operate on the network along with the rise in the adoption of password managers are all prudent steps towards better security.

Utilisation of cloud computing and Software-as-a-Service (SaaS) has also seen a noticeable increase. This however brings forth the challenge of managing critical third-party accounts that have access into your network. These service accounts may have a high level of access but with less secure passwords and no MFA in place. Its essential to assess all third-party access accounts and ensure that password complexity and MFA has been incorporated.

Single sign on and making sure that all applications are cloud native is also vitally important. Not only to make sure that, irrespective of location, the working practise is the same but also that telemetry and security logs are collected. The key to ensuring security in a hybrid environment is to ensure that no matter where you log on from, security logs are captured and then analysed to check for any aberrant patterns.

Whether you are working in the office or at home your client machines don't just include your laptop but could also include any other device that you need for work. It's important that these devices can receive configuration updates, patches and other such information and then report centrally to the company that they have received and successfully applied those changes. To give an example of this, when a customer initially (pre covid) started people working at home they noticed that their antivirus setup was configured so that you could only receive the antivirus updates if you were in the office. Additionally, if you did not connect to the VPN, you did not receive configuration updates to your Windows installation. This led to large numbers of people becoming out of sync. If you're going to have successful hybrid working, you need to make sure that all devices can be managed in whatever network they happen to be on in exactly the same way as they could be managed in the office.

Business email within a hybrid working environment is a growing concern as sensitive conversations that would have previously been conducted face-to-face are now happening over email. This provides an opportunity for malicious interception of emails, altering of contact information and deceiving recipients into divulging sensitive information including bank account information.

There has been a rise in social media attacks, in particular LinkedIn. LinkedIn allows potential attackers to approach you under the guise of a reputable consultancy interested in your specific expertise. Many of these individuals are using legitimate credentials to gain access, where usernames and passwords may have previously been breached in the past, checking for reuse on social media platforms to craft targeted spear-phishing emails.

Hybrid working has also exposed vulnerabilities in mobile platforms like WhatsApp. As many employees use Outlook and Teams on their mobile devices the entire network could be at risk if an individual’s mobile is compromised by clicking on a phishing email within a WhatsApp link.

Employees need to be continuously reminded about workplace security and the latest company policies.

Business practices such as ensuring sensitive business meetings do not take place in public environments, and locking their phone and laptops when they are away from them in these same environments are everyday things that employees can adopt to help information security in a hybrid workspace.

Being aware that active adversaries can also target them on their mobile phone and ensuring that they always back up from their own system to the company network are all basic cyber hygiene best practices.

Canon is recognised by the IDC MarketScape as a leader in worldwide security solutions and services. In this new era of hybrid working, Canon UK partners with leading industry specialists in information security. Their solutions and services help to secure documents and sensitive data through every stage of its lifecycle within an organisation. Secure by design and security-checked to the highest industry standard, all information that is accessed, managed, and processed will be protected. Whatever location employees choose to work from, Canon’s approach ensures information security from the cloud or on-premise solution, to every employee’s device. Canon can help maintain data compliance and protect sensitive data throughout the lifetime of the print and scan infrastructure, from device hardening to secure disposal of devices and removal of physical and digital data from end of life or redundant devices.

Canon’s focus on workplace evolution ensures that consideration of every aspect of information security is a priority. Digitising key business processes through Canon’s range of solutions supports productivity and collaboration, giving IT teams the control required to ensure effective security that will prevent attacks, protect data, and maintain safeguard compliance across the whole organisation.

Quentyn Taylor, Director of Information Security at Canon mentioned “A company’s response to ransomware attacks must be built on a culture of openness. It is important that employees feel comfortable coming forward to share their mistakes and what led to the attack, so companies can quickly mitigate the damage before the issue snowballs out of control. No matter how small an issue, it could be the gateway that allows a hacker to exploit the company for millions again.

The modern IT landscape is increasingly specialised, this means there can sometimes be a lack of communication between IT and security teams. It is important we make a conscious effort to bridge this gap, as any IT problem left long enough turns into a security problem. Lines of communication that are centred around honesty will create a strengthened security posture in response to the vulnerabilities the attack exposed.”

• Industry Recognition – A leader in the IDC MarketScape for print and document security solutions and services as well as in the Quocirca Security landscape. 
• Setting Industry Standards – Canon Europe has ISO 27001 and ISO 2702 standard of information security certification. 
• A Partner in Security – Canon’s own European security team not only protects Canon, also extends to our customers. 
• People at the Centre of Security – A code of conduct around customer data built into Canon terms and conditions of employment. Canon staff receive industry leading training and are individually vetted. 
• Secure by Design - Designed with security in mind, all Canon products and services go through process covering all aspects of security and privacy at the design and development phases.