Why remote working is an emerging threat vector

Remote and hybrid working arrangements have given rise to new threat vectors, according to an Australian cyber security specialist.

Ahead of the Australian Cyber Security Summit 2024, Corien Vermaak, director of cyber security at Cisco Australia and New Zealand, highlighted that while employees crave the flexibility of working remotely, it has also resulted in new challenges for cyber security professionals.

“Remote working reduces the employees’ commute but this means we’re neither here nor there on our security controls,” she told Cyber Daily.

“When everyone was working remotely, we could protect everyone in the same way, similar to when everyone was working in the office. But with people coming in and out of the office and working from anywhere and everywhere at any time, this has become a threat vector for us.

============

“Therefore, we look at identity intelligence as a larger practice than the historic identity and access management threat vector. We’ve seen an evolution of an existing control.”

At the summit, Vermaak will be participating in a panel session about the latest malware strains and emerging threat vectors businesses need to be aware of and how they can protect themselves against these threats.

To address this issue, Vermaak advised businesses to return to the basics with cyber security and ensure that employees only have access to what is required (least privilege access) to fulfil their role.

“However, the identity itself has become a three-part telemetry conundrum,” Vermaak said.

Telemetry is the automatic measurement and wireless transmission of data from remote sources (such as homes or locations other than the office). It uses sensors and other devices to collect data.

VIEW ALL

“Historically, we only looked at the identity as the domain that the person was logging in from. Now, we need to look at the domain or the person’s identity as known by the network. We need to monitor where they’re logging in from and ensure that it’s a known and trusted login. If we know they’re logging in from their home, we can immediately put that in a trust connection,” Vermaak said.

The final sphere is the behaviour component, which Vermaak said offers the telemetry to identify when the employee logs in on a regular basis.

“If you spot new behaviour or anomalies where the employee logs on to the network outside work hours for the first time, you definitely need to rethink your trust towards that connection,” she said.

“Businesses need to use all their telemetry at their disposal to look at that transaction of the login.”

In addition, Vermaak emphasised the importance of intelligence sharing and collaboration, particularly because these “criminal waves” follow a modus operandi and target specific industries based on their known vulnerabilities.

For example, if the healthcare sector is known to use a system that has a critical vulnerability, she said, criminal organisations could pivot towards it to inflict as much damage as possible within those organisations.

“As soon as a known vulnerability or modus operandi plays out, sharing this information could help other organisations keep an eye out for that modus operandi and remediating those vulnerabilities,” Vermaak said.

“By collaborating and sharing insights, we can shorten the time frame and opportunistic attacks on similar industries. Criminals find a recipe for something that works, and they repeat it until it doesn’t work anymore. By sharing that recipe, we get a real opportunity to stop that as an attack field.”

To hear more from Corien Vermaak about the latest malware strains and threat vectors, come along to the Australian Cyber Security Summit 2024.

It will be held on Thursday, 20 June, at the National Convention Centre, Canberra.

Click here to buy tickets and don’t miss out!

For more information, including agenda and speakers, click here.