31. March 2022 By Lisa Reinhardt
Cybercrime in the era of new work – the show goes on
The era of new work – what does that mean exactly?
The term new work era has become increasingly prevalent on the web since the beginning of the pandemic. But what does it actually mean? The term ‘new work’ was coined in the 1980s – so it’s not actually ‘new’ at all. It was created as a counter term to socialism and today describes a new understanding of work the era of globalisation and digitalisation. The core values of new work are freedom, autonomy and participation in the community. This also entails new forms of work, such as agile working, freelancing, the six-hour day or working from home.
The pandemic and working from home
It’s one of the most remarkable successes of the pandemic. Companies and institutions have mastered the shift to working from home and remained productive in the process. Platforms such as Zoom, for example, were available and functional just in time for us to continue doing our work. Imagine if the pandemic had occurred 20 years ago. We wouldn’t have had any powerful networking tools or ways to share data and information. The world of trade, business and science would have come to a complete standstill. But in fact, we’ve managed to gain unprecedented flexibility in how we work.
Even though having remote access to corporate networks was a silver lining during the pandemic, it also revealed a lack of foresight in terms of information security – and data security along with it. Due to the pandemic and the rather rapid transition to working from home, adjustments had to be made to corporate IT infrastructures, which, up to now, had often not been assessed, neither qualitatively nor quantitatively. The result was or is vulnerabilities that can be exploited too quickly by cyber criminals.
And that’s exactly what happened in 2020 and 2021. Cyber criminals have recognised that many corporate networks were and are still unable to close security gaps that were created by new ways of working from home:
- 1. Working from home and having more flexible working hours causes us to work late into the evening more often, which means we’re still active in our corporate networks outside of the typical working hours. This is where cyber criminals see there their chance to strike. As many IT employees were not on site to detect attacks on systems quickly, the likelihood of cyber-attacks being detected was significantly lower.
- 2. Due to our hyper-connected routines, we access shared networks from multiple devices, including private devices that do not have the same level of security as our work devices. A recent study found that 98 per cent of remote workers use a personal device for work every day. Therefore, it comes as no surprise that 67 per cent of cyberattacks that are harmful to businesses target employees who work from home.
- 3. Remote work also led to some jobs being outsourced to lower-cost countries. Corporate networks then became susceptible to vulnerabilities, as contractors were granted access to internal databases, which in turn enabled cybercriminals to access larger networks through small gateways.
What we can do about it
I’d like to give you three tips on how we can effectively combat cybercrime in our companies and make it safer to work from home.
1. Secure your hardware (root of trust)
Hardware-based root of trust means that security is guaranteed at the hardware level, making it exponentially more difficult for cyber-attack to happen. Hardware root of trust makes a device and the software on it much more secure. Devices with older hardware don’t have sufficient security protocols built into them. Stand-alone processors are due to change this in future. These processors, such as the Trusted Control/Compute Unit (TCU), will be solely responsible for overall system security and will be used alongside central processing units (CPUs) on computer motherboards. This integration of state-of-the-art chip-level security technology will be the driving force behind the next generation of cybercrime prevention.
2. Introduce strict vetting processes
Many businesses have already made the move to requiring two-factor authentication (2FA) or multi-factor authentication (MFA) before allowing a user access to their network. An example of two-factor authentication is the use of a login password and a unique code sent to the user’s device. Multi-factor authentication adds an extra layer of security by using mechanisms such as a facial recognition scan.
3. Artificial intelligence
AI is the future of many things, including information security. An AI-supported monitoring system identifies network anomalies and investigates them. How might this work? Here’s an example: the AI software recognises that a frequent user is logging in. The software starts tracking this user’s network activity for anything unusual. Should the user attempt to access parts of the network containing sensitive data, the software can prevent access and briefly freeze the user’s login until an investigation determines whether the user is authorised. This type of preventive measure is key to combating cybercrime.
Conclusion
If we want to move forward and hopefully be able to put the pandemic behind us soon, we’ll discover that working from home will continue to be a standard and isn’t going to disappear – and neither will cyber criminals nor cyberattacks. Even if we partially and/or temporarily return to our offices to work, many of us will undoubtedly keep our flexible working hours. The era of cybercrime, like the era of new work, has entered a new phase, and the best way for us and our businesses to remain vigilant is to make security an unprecedented priority.
You can find more exciting topics from the adesso world in our previous blog posts.