
New home working cyber threats, and how to mitigate against them


As distributed work continues, it is important for organizations to consider the impact this new work scenario is having upon the cyber-security landscape, and the additional steps IT leaders should be taking to protect their remote workforces.

While two-fifths of employees are working exclusively from offices following the UK’s roadmap out of lockdown, currently a third of UK workers are based at home. In the rush to get remote working up and running quickly at the beginning of the pandemic, there was limited opportunity to ensure that security and data protection procedures were fit for purpose. In fact, Citrix’s recent global Workquake survey, of 7,500 office workers, found that currently over a third (39 percent) of employees are using apps that have not been sanctioned or that have been explicitly banned by their IT teams.

Criminals are exploiting people being at home: online fraud against consumers has increased, but criminals are also targeting home workers. They are finding success by exploiting human vulnerabilities that the Covid-19 situation and homeworking have created, and specifically, stress. Stress on individuals, stress on teams, and stress on security staff.

Stress on individuals: phishing attacks that win by distraction

The volatility, uncertainty, complexity and ambiguity (VUCA) of the pandemic is now into its second wave, or even third wave. Whether it is caring responsibilities, homeschooling or other pressures, individuals can all too easily be distracted into falling for a carefully crafted phishing e-mail. 

Stress on teams: targeting business processes

Stress can also affect whole teams. Even though IT is working hard to keep people supported, they may not be able to react quickly enough to external events. IT teams can no longer rely on informal face-to-face contact to deal with an urgent and unusual situation. They may also have established new, but insecure, working patterns to cope with this stress. Criminals know this and can exploit the gaps in high-risk business processes, with a watering-hole attack, for example.

A watering-hole attack works by identifying a website that is popular with users within a targeted organization, or with a sensitive job function (such as finance). That website is then compromised to enable the distribution of malware to that whole group of people at once. Individuals in sensitive positions should be advised that a familiar website can still be untrustworthy.

Stress on security staff: multiple, simultaneous attacks

Criminals can create new stresses. Organizations are seeing more ‘cover’ attacks, in which cybercriminals launch an obvious attack on a business, such as a denial-of-service on a public corporate website. Their aim is to distract security response staff from noticing the quieter ‘real’ high-impact attack that is going on at the same time. IT and security teams should not treat obvious attacks as routine, and should make sure they are prepared to detect and react to more than one attack at one time. It would be wise to rehearse this situation, as a security response exercise. These kinds of regular exercises may have been delayed while security staff have been adapting to working at home, but it is now time to catch up.

To tackle these new patterns of attack, here are three key considerations for all organizations in 2021:  

1. Analytics can play a central role

Analytics technology is a powerful tool for immediately detecting a security anomaly. This could be straightforward, such as logging in from an unusual location (for example a country an individual has never visited). It could be more complex, such as an untypical pattern of work spanning multiple sensitive applications. When an anomaly is detected, the system can respond, for example by requiring a manager to authorize access. 

Attacks on systems may be hard to notice but do follow predictable patterns. Analytics technology can recognize these patterns and help security staff by intelligently grouping these anomalies together. This allows multiple simultaneous threats to be processed in real-time.
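The sketch below is an added example, not code from the article or from any Citrix product. It flags a login from a country a user has never logged in from, then groups anomalies that occur close together, so that a loud denial-of-service alert (the ‘cover’ attack described earlier) is reviewed alongside the quieter events around it. The event field names, the 30-minute window, the escalation rule and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: countries each user has logged in from before.
KNOWN_COUNTRIES = {"alice": {"GB"}, "bob": {"GB", "FR"}}

# Constructed sample events; the field names are assumptions for this sketch.
EVENTS = [
    {"ts": "2021-03-01T09:00:00", "type": "login", "user": "bob", "country": "FR"},
    {"ts": "2021-03-01T10:02:00", "type": "dos_alert", "target": "www"},
    {"ts": "2021-03-01T10:05:00", "type": "login", "user": "alice", "country": "BR"},
    {"ts": "2021-03-01T10:09:00", "type": "app_access", "user": "alice", "app": "payroll"},
    {"ts": "2021-03-01T10:11:00", "type": "app_access", "user": "alice", "app": "finance"},
]
SENSITIVE_APPS = {"payroll", "finance"}
WINDOW = timedelta(minutes=30)  # assumed grouping window

def find_anomalies(events, known):
    """Return (timestamp, kind, subject) for each event that looks unusual."""
    found, flagged = [], set()  # flagged: users awaiting manager authorization
    for e in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        if e["type"] == "dos_alert":
            found.append((ts, "dos", e["target"]))
        elif e["type"] == "login" and e["country"] not in known.get(e["user"], set()):
            flagged.add(e["user"])
            found.append((ts, "new_country_login", e["user"]))
        elif (e["type"] == "app_access" and e["user"] in flagged
              and e["app"] in SENSITIVE_APPS):
            found.append((ts, "sensitive_access_after_new_country", e["user"]))
    return found

def group_incidents(anomalies, window=WINDOW):
    """Chain time-ordered anomalies into incidents when gaps are within `window`."""
    incidents = []
    for a in anomalies:
        if incidents and a[0] - incidents[-1][-1][0] <= window:
            incidents[-1].append(a)
        else:
            incidents.append([a])
    return incidents

def needs_escalation(incident):
    """A noisy alert that coincides with other anomalies is not routine."""
    kinds = {kind for _, kind, _ in incident}
    return "dos" in kinds and len(kinds) > 1

if __name__ == "__main__":
    for inc in group_incidents(find_anomalies(EVENTS, KNOWN_COUNTRIES)):
        print(needs_escalation(inc), [(k, s) for _, k, s in inc])
```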

2. IT teams to be available, visible and approachable

More than ever, IT staff need smooth interactions with workers, so that they feel comfortable contacting IT with security concerns. 

One simple idea is for organizations to incorporate online communications tools within their new security controls. Consumers are used to seeing chatbots; consider designing a security chatbot into a new system, so that users who get stuck can get guidance at the point of need.

3. Helping those who are most at risk

Every organization contains high-risk groups: these include senior executives, finance staff, and system administrators. These groups certainly need regular security training against the specific threats to their groups, and updates to business procedures that address these threats.

However, the burden of responsibility should not rest on their shoulders alone. Enhanced security technology (including specialized application controls, and the latest hardware) together with a dedicated support team (‘hypercare’) completes the security protection and support they need.

The next wave of attacks will target the hybrid working environment

As the vaccines roll out more widely and we move out of full-time working from home, the hybrid model of working is expected to become most prominent. Indeed, in Citrix’s own Workquake study, 44 percent of respondents said they would like to work from home more often once the pandemic eases. 

Future attacks are likely to target that hybrid working environment, which will create new ambiguities and weaknesses. Criminals will gather detailed knowledge before an attack; not just about the systems, but about the people.  Much organizational information is available from business social networks such as LinkedIn.  Recruiters use this information when searching for talent. Criminals use it too, and even have special tools to fill in the organizational chart automatically. With a little knowledge of working patterns, they can strike, knowing that the team is dispersed, with key individuals away.

Organizations should assume that attackers know a great deal about them, and plan accordingly. Crucially, in the fight against cybercrime, every individual should know it is better to check than be compromised. If communication is unexpected, or the request unusual, it should always be checked before any action is taken.

Chris Mayers, Chief Security Architect, Citrix

Chris Mayers is Chief Security Architect at Citrix. He has worked in the software industry for over 30 years, and has been with Citrix since 1998. Previously he was a consultant with Digitivity/APM, specialising in security in distributed systems. He is a member of the Institute of Information Security Professionals.