Working from home makes cybersecurity even more challenging
“Last year saw several big ransomware attacks in the Netherlands, including at Maastricht University, Hof van Twente municipality, recruitment agency Randstad, manufacturing company VDL Group and consumer electronics retailer MediaMarkt. In attacks like these, organizations are cut off from their IT systems and data files, plunging them straight into a crisis. The developments in the cyber environment are very worrying. KPN has well-secured workspaces, a layered defense model, and detection and response tools that help us detect a lot in time. Yet it remains a game of cat and mouse. We need to be realistic and at the same time provide insight into what we are able to do. For ourselves and our clients.
With more and more people working from home, it’s important they have the right applications at their disposal. Employers really need to invest in secure and monitored working environments. Otherwise, employees will start looking for workarounds. If home offices aren’t monitored, employees can download illegal software or use unauthorized cloud services without the knowledge of their employer – opening the door to risks including ransomware and data leaks.
An additional factor is that it is harder to supervise employees when they work from home. If a company has call center employees working at the office, for instance, there’s some social control and visibility. Now, though, there are people working from home at some organizations who have too many access rights. A leak such as the one at the Netherlands’ municipal health services (GGD), where employees traded in data from the two most important COVID-19 systems, could also happen at other organizations.
"The number of attacks will continue to increase."
To determine the right security measures, organizations can of course conduct risk analyses - but ultimately, it’s the risks you haven’t noticed that will catch you out. So it’s better to accept this uncertainty. Assume things will go wrong at some point, and prepare well for that. That means ensuring good basic cyber hygiene, a good crisis team, recovery procedures, simulations and collaboration.
Cybersecurity is hard work, and however tough it may be, companies first need to get their asset management in order. Patching their existing software, checking these, and paying attention to identity and access management are then also part of basic hygiene. Crisis teams are often trained to respond to ‘traditional’ crises, such as recovery after system failures or service interruptions caused by fire or national outages. But cybersecurity also needs the attention of a regular crisis team. Simulations should focus not just on continuity, but also on cybersecurity scenarios such as ransomware and data leaks.
Collaboration is all about actively sharing information about threats and best practices. We urge organizations to speed up these preparations, and we’re happy to help. Because in all this uncertainty there is – unfortunately - one certainty. The number of attacks will continue to increase, partly because the field of attack has grown with so many people working from home.”