
New guidance on dealing with malicious attacks as increased home working raises breach concerns

Melanie Jones
  • Date: 15 October, 2020

The increase in home working as a result of the Covid-19 pandemic has posed significant security-related challenges for many businesses, so there’s good news in the form of international guidance on uncovering and remediating malicious cyber-attacks.

Despite growing awareness of the threats posed by cyber criminals, data breaches are still occurring on a daily basis around the globe at alarming rates. Here are just three examples of recent breaches and the impact they are having on the organisations affected:

  • Newcastle University has been held to ransom after cyber criminals hacked into its systems. The university has warned staff and students that it will take weeks to recover from the recent breach, with most university systems unavailable or restricted indefinitely. The incident happened as the university was preparing for the start of the new academic year, when online services are expected to play a key part as remote students log in to attend classes and receive assignments. It is believed that the attack was carried out by the DoppelPaymer group, which has begun posting documents it claims to have stolen from the university servers
  • Private details relating to more than 50,000 letters sent out by banks and local authorities were indexed by Google after a London-based outsourcing firm, Virtual Mail Room, left its system exposed to hackers. The details ranged from insolvency to final reminders of unpaid council tax and affected people in the UK, US and Canada. The firm works for high-profile clients including Metro Bank, the publisher Pearson and insolvency specialist Begbies Traynor, so the breach is likely to have a damaging effect on its reputation and business relationships
  • BancoEstado, one of Chile’s three biggest banks, was forced to shut down all branches in early September following a ransomware attack that took place over a weekend. The bank’s internal network is reported to have been infected with the REvil (Sodinokibi) ransomware

To exacerbate matters, the post-pandemic working from home culture poses a whole range of cybersecurity challenges to organisations that are likely to result in even greater numbers of data breaches unless they are successfully addressed. 

The security challenges of the new normal

The new normal of home remote working has seen an unprecedented reliance on technology to keep us connected to employers, employees, partners and suppliers. Videoconferencing, messaging platforms and mobile devices have kept operations running for businesses of all sizes and in all sectors.

However, enabling employees to work from home has significantly increased the attack surface for companies. This is particularly the case for all those who are now spending far more time working on non-trusted home networks, which are not protected by corporate cybersecurity solutions. The reality is that our home networks – which include our home broadband and any personal devices we may need to use for work purposes – do not include the same robust, enterprise-grade cybersecurity we’ve come to expect in the office.

Security professionals have responded to the pandemic by quickly instituting measures to maintain business continuity and protect against new cyber threats. To manage continuity, they have been patching remote systems over virtual private networks (VPNs) that have strained under increased loads. They have been monitoring spiking threat levels, including a near-sevenfold increase in spear-phishing attacks since the pandemic began, as social engineering tactics become even more effective on a distracted and vulnerable workforce.

All of this means that critical business assets and functions are significantly more exposed to opportunistic and targeted cyber-attacks by criminals seeking to exploit vulnerabilities and plant seeds for future attacks.

To address these concerns organisations must consider ways to extend corporate network safety to employees’ homes, particularly given the increased reliance upon remote working. This can be achieved, for example, by providing access to routers and/or technology capable of detecting security threats in real-time on employees’ home networks and providing an automated way to immediately respond to threats in a way that prevents other devices on the network from being compromised.

It is inevitable, however, that many organisations will still suffer data breaches as a result of the home working culture, so the real question is how best to handle these. 

Uncovering and remediating malicious activity

The UK’s National Cyber Security Centre (NCSC) has teamed up with the US’s Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre, the New Zealand National Cyber Security Centre and CERT NZ, and the Canadian Communications Security Establishment to issue guidelines on how organisations can stay safe from malicious cyber-attacks.

The joint cybersecurity advisory ‘Technical Approaches to Uncovering and Remediating Malicious Activity’ contains a series of technical approaches that organisations can take to protect their most critical digital assets. The approaches, based on best practices, can help to uncover malicious activity and mitigate attacks - if followed. 

Key takeaways from the advisory include a recommendation to respond to any potential cyber-incidents by first collecting relevant artifacts, logs and data and removing them for further analysis.

Organisations are further advised to avoid tipping off any cyber-adversaries that their presence has been detected on the network and to contemplate seeking help from a third-party IT security organisation.

The guidance also provides general recommendations and best practices to follow prior to a security incident actually taking place, since properly implemented defensive techniques and programmes can make it more difficult for a criminal to gain access to a network and remain undetected. Educating staff on what to look out for while working from home or in the office is seen as a key plank in increasing an organisation’s resilience and preventing easily avoidable compromises.

In addition to this new guidance, cybersecurity training courses will provide you with the necessary skills and expertise to help in detecting and containing cybersecurity breaches.


Melanie Jones

Product Director for Cisco, Citrix and Cybersecurity

Melanie Jones, Product Director for Cisco, Citrix and Cybersecurity has been with Global Knowledge for over 15 years. She is responsible for managing the strategic vision, product portfolio planning, innovation and go to market strategy. Melanie manages technology portfolios in Collaboration, Data Center, Cloud, Security, IOT and Big Data Analytics, as well as being a product lead for cybersecurity portfolios for EC-Council, CompTIA, CQURE, ISACA, ISC2 and SECO. Melanie is a member of key Cisco, Collaboration, Cybersecurity and Big Data groups worldwide. She also has her own jewellery and fashion business which she focuses on in her spare time.
