Securing remote workers a top priority for the energy sector

Jim Cook, ANZ Regional Director at Attivo Networks

By Jim Cook, ANZ Regional Director at Attivo Networks

Many energy distribution organisations have settled nicely into the remote working groove after the government implemented sweeping shutdown restrictions in March, designed to slow the spread of the virus.

The ease with which their employees have been able to adapt has been a revelation for many Australian energy company business leaders and managers. So much so that some companies are looking at making remote working part of their regular modus operandi, even if and when the health threat posed by COVID-19 recedes.

There’s certainly lots to like about the remote working model for businesses and workers alike. For the former, think smaller real estate footprint and a corresponding reduction in running costs, the ability to bring talent on board from further afield, and increased productivity, from a more satisfied workforce. Employees, meanwhile, can eliminate hours of commuting from their schedules and enjoy better work-life balance.

Remote workforce, rising risk?

That’s the upside of the modus operandi that’s been collectively thrust upon us, courtesy of the coronavirus. But there is a downside. In 2020 Australia, the risk posed to businesses by cybercriminals has never been greater – so much so that, in late June, Prime Minister Scott Morrison issued an unprecedented, urgent warning to organisations to be on their guard against ongoing, large scale cyber-attacks.

The Australian Cyber Security Centre has also warned of malicious cyber-actors actively targeting individuals and organisations with COVID-related scams and phishing emails.

If not properly secured, a remote workforce can represent an enormous array of potentially easy ‘ins’ for those intent on disrupting operations, holding organisations to ransom, and stealing commercial and customer data.

Using cyber deception and sleight of hand to ramp up remote defences

Not only does mass remote working open up the potential attack surface – scores of geographically dispersed devices and connections to protect – it also abolishes behavioural baselines that are traditionally used to detect threat activity. Employees working offsite may log on at different times, and access different systems and data than they do when holed up in head office. That can make it harder for security systems and staff to register and respond to suspicious activity as quickly as they need to.

There’s also a greater chance of compromise by carelessness – employees uploading unauthorised software, using personal or unpatched devices to log on, or, wittingly or otherwise, enabling third parties to access company devices and the corporate network.

With traditional security tools and teams likely to be hard-pressed scaling up to the challenge all of these presents, there’s a case to be made for doing things differently.

Deception technology works by planting traps or decoys for attackers that look and feel like genuine infrastructure and systems. By tricking would-be attackers into thinking they’ve found a way in, companies can buy themselves time to study their methods and motivations, while preventing them from accessing the real target – the organisation’s critical systems and data.

There is also novel new technology that hides the production files, folders, and shared drives so that the attacker cannot see the real environment, only the decoys. This can be powerful for preventing ransomware attempts to encrypt data. This same sleight of hand hides real Active Directory objects and deliver fake data. These can both serve as powerful tools to derail the attack before it can even have the opportunity to begin.

These technologies can also deploy to improve the security of VPNs accessing the corporate network and clouds and to generate timely and accurate alerts of potential incursions.

Time to act

COVID-19 has made remote working the new normal, and signs suggest it will stay that way for the foreseeable future.

Using alternative cyber-security tools and tactics to minimise the threat a decentralised workforce poses to the corporate network and data will allow Australian energy businesses to enjoy the benefits of this model, without exposing themselves to avoidable risk.