Published 20 November 2020

Remote working habits in the new Covid-19 environment

Below is an excerpt from the article “Remote working habits in the new Covid-19 corporate environment create ‘rich’ opportunities for cybercriminals”, as published on p. 36 of the Spring 2020 Across Borders magazine.

By Jonathan Sharrock

Covid-19 has rapidly changed the business landscape and forced many companies to adapt quickly or face administration. For many, this has meant a sudden shift to e-commerce and the need to manage remote workforces, both of which present increased cyber vulnerability. Executives are now looking towards a range of future developments to combat this.

Cybercriminals are not ignorant of the pressures of Covid-19; they are ready and waiting to capitalise on them. Hackers are specifically targeting companies with high proportions of remote workers and exploiting the increased vulnerability of networks which have had their security controls relaxed to facilitate remote access.

In particular, many companies use applications only ever designed to be run internally. But, driven by remote working, these applications now face public networks and the open internet. Such applications must be rigorously penetration tested to ensure they do not pose a risk to the company.

The threat is real: Toll Group have been hit twice by ransomware since the pandemic outbreak. The second attack was notable for its use of ransomware distributed through exposed Remote Desktop Protocol (RDP) services, which of course are more prevalent with so many working from home. With companies already facing hardships, there is an even greater need to avoid data loss, reputational loss, and customer loss. Additionally, fines imposed by regulations such as GDPR in Europe or the Privacy Act in Australia can now be up to 4% of a company’s annual income. In prosperous times this is an expensive mistake; in Covid-19 times this could be a fatal error.

It is critical therefore that businesses act quickly and efficiently in response.

The Australian government recommends an ‘Essential 8’ improvement to cybersecurity which can be implemented to different levels of ‘maturity’ depending on the risk status of the business and the sensitivity of their data. Of course, if possible, companies should always aim for level three.

Some of these recommendations are now very straightforward. One example is multi-factor authentication (MFA), which requires multiple forms of identity verification to access data. This is far more secure than just a password, which could be misplaced, stolen, or hacked. Many cloud-based services such as Office 365 now offer this as an easily activatable setting, making its roll-out both fast and simple.

Another easy ‘Essential 8’ is backing up data. Simple yet critical, properly backed-up and encrypted data is the most powerful defence against ransomware attacks: the criminal has little leverage to make demands if they cannot leak your data, and further encryption doesn’t matter because you have other copies. Backups should be made regularly and comprehensively, with effectively managed encryption keys, and should exist on at least two different media, such as external hard drives and cloud-based storage. One of these media should be stored disconnected from the network so that it is inaccessible to any adversary.

Off-network backup devices are becoming increasingly important because cybercriminals are spending time within a company network, seeking information to build a more crippling ransom case or malware attack. It is therefore important to stop any lateral movement during this dwell time by, for example, segmenting the network into compartments and disconnecting backup devices.

The real key to reducing dwell time is continual monitoring. This of course is easier said than done, not least because IT teams have to sleep at some point! The solution is to have a dedicated third-party security team to monitor your systems and alert you to any anomalies. Continuous monitoring and assessment are far superior approaches to one-off vulnerability assessments, which often yield complicated, dense reports and do not provide good value for money.

Furthermore, cyber specialists are experienced and think like adversaries, making them more sensitive to anomalies, and they are less likely to suffer from ‘alert fatigue’ or be distracted by other company responsibilities. Outsourcing monitoring will free up the time of your internal IT team for company-specific requirements, and, in addition, solves the common problem of staff attrition due to a lack of required expertise generating a high demand for this skill set.

Cyber Citadel offers a managed detection and response (MDR) service. This service provides 24 hours a day, 7 days a week monitoring. It is also financially flexible: a plan is designed with the client company, who then pay for as extensive a service as they believe to be necessary or that they can afford. Our service aims to be more like an internal department and caters to business needs in a more personal and tailored way. The service will even offer advice and assistance to company executives about cyber-related policy.

Any company concerned about the challenges they are facing in this fast-changing world, and who are looking to develop and improve cyber security to meet these challenges, should look no further than an MDR service. Continuous monitoring and alerting in real-time is the future of cybersecurity.


Full article published in Freight and Trade Alliance’s Spring 2020 Across Borders magazine, p. 36.