Outside in security – the new world of remote access


Malcolm Bailie, Nozomi Networks

A recent survey from LinkedIn showed that more than three in five Australians believe working from home will become the norm.

While some may be disappointed to see normal office hours resume when we get to the other side, the same research showed almost two thirds of employers will continue to support staff working remotely even after the pandemic is over, meaning buy-in is effectively secured for our future remote workforce.

This has huge implications for how we access our work – remote access is the important link in the chain that allows us to do all or most of our work from our new home offices in a secure, sensible way. It has been no small effort for CISOs, CIOs, IT managers and others to enable this transition, and for the most part they’ve been successful.

But with the virtual certainty (pun intended) that a heavy degree of remote work is here to stay, there are deeper changes to be made to ensure remote work is sustainable and secure.

Security challenges for tech leaders

A core question for technology and cyber security leaders is how they can keep their critical systems running 24/7 when employees are encouraged – or even mandated – to work remotely.

The key issue here is that a huge amount of a typical organisation’s security is built around the mothership – the main office. Once you’re on the inside, it is assumed you’re meant to be able to access the data, the applications, and other workloads, so much of the security posture is about keeping people on the outside out.

But in this new reality, a lot or maybe even all staff are on the outside.

This is a balancing act of safety, productivity, and cybersecurity risk. Even the slightest oversight can open the door to cyber risks that can damage staff, reputation, revenue and more. On the other hand, if the systems are too restrictive, outside staff cannot operate the same way they did from the office.

Opening a large number of connections from remote workers back to the enterprise’s IT and OT (operational technology) systems incurs cyber risks. These risks are amplified by the fact that many corporate and technology leaders in Australia are not prioritising cybersecurity as tunnel vision to keep the business running remotely has taken over.

Cyber criminals are nothing if not opportunists, and the sharp increase in ransomware attacks against Australian businesses since the pandemic broke out is testament to that.

Keeping malware and ransomware away from OT systems

Attacks evolve all the time, and often come back in waves. In Australia, we’ve seen all too recently how these attacks aimed at remote workplaces have severely impacted companies such as logistics giant Toll Group and beverages manufacturer Lion.

Two of the latest malware attacks making their mark are BlackEnergy and GreyEnergy. Both date back as far as 2018 but have recently resurfaced.

While bad news all round, these types of attacks pose a particular threat to the OT infrastructure of critical companies – which, for an energy or water supplier, say, is absolutely vital to keeping operations running.

Highly skilled cybercriminals are also employing second stage techniques to increase the severity of their attacks.

As an example, a threat actor may initially gain access to a network by exploiting vulnerabilities or via credential theft. This allows the attacker to observe and learn the environment before deploying bespoke ransomware directly to key operational assets such as industrial control systems (ICS).

With the sharp increase in remote working and remote access, it’s never been more vital for organisations to prioritise OT cybersecurity and mitigate risk.

Resilience for a post-pandemic world

To maintain resilience during and after COVID-19, I would encourage Australian organisations to include both IT and OT teams in cybersecurity planning and training, with certain training also provided to all staff, particularly those who work in physical isolation.

There are simple but important steps businesses can take to get ahead of the threats. These include using passive traffic monitoring to identify and baseline critical assets and operational states; applying a health-check to network infrastructure; and conducting a patch check across all devices and services – particularly as remote work has brought so many new ones into the mix.
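The passive-monitoring step above (baselining which assets exist and who talks to whom) is also what lets a defender notice the second-stage path described earlier, where a remote-access foothold is turned into direct contact with ICS equipment. The following script is an added example, not code from the article or from Nozomi Networks: it learns a baseline from a window of flow records and then flags new assets, new conversations, and any remote-access address reaching the control-system VLAN on a path the baseline never saw. All addresses, ports and subnets are constructed for illustration.

```python
"""Passive asset and conversation baselining over flow records (added example)."""
from collections import Counter, namedtuple
from ipaddress import ip_address, ip_network

Flow = namedtuple("Flow", "src dst dport proto")

# Assumed network layout (illustration only, not the article's data).
ICS_NET = ip_network("10.10.0.0/24")      # assumed control-system VLAN
VPN_POOL = ip_network("172.16.50.0/24")   # assumed remote-access address pool

# Constructed "learning window": normal OT traffic captured passively (e.g. from a SPAN port).
LEARNING_FLOWS = [
    Flow("10.10.0.5", "10.10.0.20", 502, "tcp"),     # HMI -> PLC, Modbus/TCP
    Flow("10.10.0.5", "10.10.0.21", 502, "tcp"),
    Flow("10.10.0.30", "10.10.0.20", 44818, "tcp"),  # historian -> PLC, EtherNet/IP
    Flow("172.16.50.10", "10.10.0.40", 3389, "tcp"), # engineer via VPN -> jump host
]

# Constructed "live" window to be checked against the baseline.
LIVE_FLOWS = [
    Flow("10.10.0.5", "10.10.0.20", 502, "tcp"),      # in baseline, expected
    Flow("172.16.50.10", "10.10.0.40", 3389, "tcp"),  # in baseline, expected
    Flow("172.16.50.77", "10.10.0.20", 502, "tcp"),   # unknown VPN client talking Modbus to a PLC
    Flow("10.10.0.99", "10.10.0.21", 502, "tcp"),     # never-seen asset on the ICS VLAN
    Flow("10.10.0.5", "10.10.0.20", 445, "tcp"),      # known pair, service never seen before
]


def build_baseline(flows):
    """Learn the set of known assets and the set of observed conversations."""
    assets = set()
    conversations = set()
    for f in flows:
        assets.update((f.src, f.dst))
        conversations.add((f.src, f.dst, f.dport, f.proto))
    return {"assets": assets, "conversations": conversations}


def classify(flow, baseline):
    """Return the findings for one flow; an empty list means it matches the baseline."""
    findings = []
    if flow.src not in baseline["assets"]:
        findings.append(("new_asset", flow.src))
    if flow.dst not in baseline["assets"]:
        findings.append(("new_asset", flow.dst))
    key = (flow.src, flow.dst, flow.dport, flow.proto)
    if key not in baseline["conversations"]:
        findings.append(("new_conversation", key))
        # Highest concern: a remote-access address reaching an ICS asset over a
        # conversation the baseline never contained.
        if ip_address(flow.src) in VPN_POOL and ip_address(flow.dst) in ICS_NET:
            findings.append(("remote_to_ics", key))
    return findings


def detect(flows, baseline):
    """Map each deviating flow to its findings; flows that match the baseline are omitted."""
    report = {}
    for f in flows:
        findings = classify(f, baseline)
        if findings:
            report[f] = findings
    return report


def summarise(report):
    """Count findings by type, which is what an operator would triage first."""
    return Counter(kind for findings in report.values() for kind, _ in findings)


if __name__ == "__main__":
    base = build_baseline(LEARNING_FLOWS)
    rep = detect(LIVE_FLOWS, base)
    for flow, findings in rep.items():
        print(f"{flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}")
        for kind, detail in findings:
            print(f"    {kind}: {detail}")
    print("summary:", dict(summarise(rep)))
```

Running the block prints three deviating flows: the unknown VPN client reaching a PLC is reported as a new asset, a new conversation and a remote-to-ICS path; the unknown device on the ICS VLAN as a new asset and new conversation; and the known HMI-to-PLC pair on port 445 as a new conversation only. A real deployment would refresh the baseline on a schedule and learn from longer windows, but the structure is the same: the baseline is the asset inventory and the findings are the patch-check and health-check backlog.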

The remote access genie is certainly out of the bottle and it will never return to the same state as before the pandemic. How Australian tech and security leaders react and adapt will be a telling point on how the country survives and competes in an enhanced digital economy.

Malcolm Bailie is Manager Solutions Delivery and Projects (APAC) for industrial cyber security and operational technology specialist Nozomi Networks

