Remote Working Requires a Security-First Approach Against Cyberattacks —
The COVID-19 pandemic resulted in a significant shift in the workplace worldwide, with more people working from home than ever before. This dispersed workforce is a reality that will continue long into the future, and has had a huge impact on how organizations, and their employees, must approach security, as the risk of cyberattacks on critical networks and devices increases.
According to a 2021 report from Cybersecurity Ventures, global cybercrime costs are expecting to grow by 15% per year over the next 5 years, with the size, cost, and sophistication, of attacks also rising thanks to hackers utilizing emerging technologies. This includes artificial intelligence and machine learning, and the proliferation of people working from home.
When in a physical office, networks and devices were within a secure facility. Now, with workforces spread out across the world, home networks and individual devices have become the new de facto security perimeter for huge volumes of sensitive data. To combat this trend, a security-by-design approach is needed.
Today’s Working-From-Anywhere Realities
The COVID-19 pandemic provided an opportunity for people to overhaul their working environments, with many of us setting up new offices in our spare bedrooms, living rooms, or kitchens. As a result, the workplace transformed from one office, or a number of offices, into a huge network spanning an entire country, and internationally.
This has opened up a new discussion about the long-term future of remote working, with Fortune reporting that nearly a third of workers will not want to ever return to the office. But the risks of working from home cannot be forgotten. It is crucial that home networks and devices are kept as secure as possible since hackers use this new reality as a golden opportunity.
At home, employees are often working on computers connected to a network that is shared by multiple family members. With the rise of the Internet of Things, workers are using a variety of devices on untrusted networks, that are also connected to numerous other consumer gadgets, many of which have a low security status. A connected-home environment can open the door to cyberattacks, as one unprotected device can potentially bring down the entire network. Even worse, it can then be used as a springboard to launch further persistent attacks.
This means employees must be given the essential knowledge for device protection while at home, while employers must simultaneously improve their overall approach to remote device security.
There was a time when security awareness was restricted to specific roles. Now, every job role at every level must have knowledge that enables employees to protect themselves, and their work, against breaches. Organizations should consider investing in training for all workers to increase user awareness, as well as investing in rigorous backup systems. Preventive measures can be taken on an administrative level, such as using unique access codes to attend virtual meetings or limiting the use of universal default passwords. Since hackers are given the opportunity to access data by unsuspecting employees, the risks of an attack can be reduced if leaders give staff members the tools to learn about vulnerabilities and expand their knowledge.
Phishing attacks, the email-focused form of social engineering, rose by a staggering 220% in 2020 compared to the yearly average, according to a phishing and fraud report by F5 Labs, with many phishing incidents taking advantage of the confusion surrounding COVID-19. By educating employees about phishing and the things to look out for, the likelihood of enabling an attack of this type is significantly reduced. They can also help the organization by sounding the alarm if they do receive anything suspicious.
The SolarWinds attack, discovered by FireEye, is a terrifying example of the increasing sophistication of cyberattacks. A group of hackers secretly gained access to SolarWind’s widely used platform Orion, which is used to manage IT resources, and added malicious code. When SolarWinds started to send out updates to its 33,000 customers, the hacked code was included and provided an opportunity for the hackers to gain access to those customer’s systems. By remaining undetected for months, the hackers were able to install even more malware and gain access to more data, causing further damage. Rather than stealing data and leaving, hackers were able to go undetected within the customer’s infrastructure for a long period of time. Due to the nature of the attack, the exact damage caused is not necessarily known, or able to be tracked. As the stakes get higher, security must be top of the agenda.
To ensure all networks and devices are kept as safe as possible, organizations must have secure systems in place, with a consistent plan to share updates and knowledge with their employees. However, the buck stops with the developers and manufacturers.
The Role of Trusted Computing
It is crucial that a security-by-design approach is followed to guarantee a device remains protected throughout its whole life cycle. If security is left as an afterthought by developers or manufacturers, products present a vulnerable access point for hackers to intercept large amounts of data for a prolonged period of time. It is therefore critical that each device plays its own role in safeguarding the entire network by being able to report its integrity and protect its own hardware and software.
Trusted Computing should be utilized to ensure a multi-layered security safeguard against the growing sophistication of cyberthreats. Ensuring trustworthiness of devices, device identity, and security validity, Trusted Computing has a key role to play. For example, the Trusted Platform Module (TPM) is a hardware-based root of trust which, when implemented, creates a secure way of being able to examine the authenticity and integrity of a device and its firmware. The capabilities of the TPM, including run time integrity measurements and private encryption keys, can also be used to protect data from unauthorized users.
Global technology standards and specifications are also incredibly important, as they ensure organizations have the required tools to protect against cyberattacks. A great example of this is the European Telecommunications Standards Institute (ETSI) and their Cyber Security for Consumer Internet of Things: Baseline Requirements. This standard offers the best practice in security for the whole ecosystem of embedded technology and Internet-connected devices, and its recommendations are essential to create a solid foundation that protects against attacks. ETSI’s standard is intended to be complemented by other, more specific, standards, such as the principles and technologies set out by Trusted Computing Group (TCG). It relies on the Device Identifier Composition Engine (DICE) architecture, which combines hardware and software to begin a device boot sequence following the compromise of a device or system.
The DICE capability is utilized as a Root of Trust to perform attestation, authentication, and certification, of the software, regardless of whether a TPM is present or not. DICE works by sorting the boot into different layers and using the Unique Device Secret to form secrets that are unique to each configuration or layer. Each layer uses its unique secret to derive keys that can be used to protect data or report integrity information. As the software and configuration measurements are used to calculate the secrets, they are different whenever a software or configuration change takes place. If malware does get installed on a device, when the boot happens, the malware measurements will be different from the previous software, and the malware will not have access to the previous secrets. In the case of a vulnerability happening, patches can be installed which automatically generate new secrets for the patched layer, and for later ones too.
Other technologies can also be implemented to offer strong attestation of firmware and security, device identify, and secure deployment of software updates. They should be utilized by developers and manufacturers to add additional levels of security, and to ensure that all devices are kept protected.
Tackling Future Threats
In addition to self-monitoring, organizations should consider membership in a security industry body. This allows for direct participation in understanding and defining security standards for the future security of all devices and systems, and how they can be implemented in their individual businesses.
Due to the economic impact of the pandemic, we are seeing deglobalization take place, with different nations or governments imposing security regulatory requirements as a way of enforcing trade imbalances. By creating products that adhere to global standards, the likelihood of being impacted by
regulatory restrictions is significantly reduced.
With remote working here to stay, it is important not to overlook the devastating impact of cybersecurity attacks on businesses. Technology plays a huge role in ensuring device protection and safeguarding huge amounts of data from interception. Cyberattacks are only continuing to increase in terms of frequency, size, damage, and sophistication, and Trusted Computing technology will prove critical in preventing future opportunities for breaches to occur.