FinTech Conversations: Cybersecurity in a remote work environment

In our first installation of FinTech Conversations, Advisor360° Chief Information Security Officer Alex Cunningham and Michael Szabados, Chief Operating Officer of NETSCOUT, talk about the increase in enterprise-level cybersecurity attacks amid the shift to permanently remote and dispersed workforces.

As we redefine “the workplace,” companies must examine whether they are managing and securing their networks adequately to defend against increased attacks from bad actors.

A discussion with NETSCOUT

Alex Cunningham: Michael, one of the most talked-about changes brought about by the pandemic is the shift to remote workforces. What was once a lockdown necessity is now part of a new work culture at some level. What has been NETSCOUT’s back-to-work approach?

Michael Szabados: Like it or not, the hybrid of remote/on-site workforce model is here long term. NETSCOUT is back to about 25% of our workforce on-site at the office. I don’t think we’ll get back to 100% in-office, but we’ll end up with around 75% in the office.

I know the popular narrative is that “people working from home are more productive,” but I’m a firm believer that workplace culture is tied to the ad hoc communications that result from in-person employee engagement.

Think about the 30-second office pop-in or getting lunch with a colleague; those moments of collaboration aid in the employee experience and can’t be replicated between remote employees through a stream of scheduled videoconference meetings.

As I see it, the downsides to remote work are the negative impact on organizational efficiency, employees’ feelings, and the increased risk of a security event.

What are the security risks of remote work?

Alex: It's easier to monitor and secure technology when the majority of the workforce is in-person. As security practitioners, we need to ensure we’re protecting our information assets regardless of where our staff are and what devices they use. Many companies are discovering the hard way that the fully remote workplace has its unique security risks.

Cultivating a company culture across remote team members of security awareness, for example, can be challenging! Not only do remote employees need to understand how to use the company technology, they also need to onboard their own technology at home.

Talk to me about the cybersecurity trends you’re seeing globally that are a result of the remote work environment shift.

Michael: The pandemic forced a rapid migration of workforces to home and workloads to the cloud. As a result, the use of virtual private networks, VPNs, is also up. This has increased the fragility of company defenses everywhere because a dispersed environment is simply harder to keep secure. For organizations large and small with dispersed and distributed infrastructures, the #1 challenge has become network security.

The increased dependence on VPNs is putting a tremendous burden on their capacity and performance, making them more susceptible to DDoS attacks. A distributed denial-of-service (DDoS) attack happens when cybercriminals bring down a company server, network, or VPN by exhausting resources with more requests than these systems can handle.

These attacks can be tricky to detect because they do not always register in terms of extra volume. Many times, these attacks are very small in size, but are nonetheless specially crafted to impact the availability of their targets.
Also, in many cases, the DDoS attack is part of a pre-designed ransomware or data exfiltration campaign, which uses a DDoS attack designed to distract the target. The bad actors behind these attacks have no problem waiting, sometimes months or years, in order to avoid detection as they can do damage quickly once the attack starts.

Alex: Yes, it’s not just DDoS attacks that are increasing in frequency and intensity, but sophisticated, multi-layered attacks are also on the rise. We should never be focused on just one type of threat because cybercriminals have multiple tools available to them. Bad actors continue to find new and inventive ways to attack—I’m hearing about increasing usage of double and triple extortion tactics, for example.

Michael: The pandemic has rapidly increased some of the types of attacks that were already on the uptick. Highly sophisticated criminal networks use DDoS as a diversion tactic. Thus, while an organization is busy fending off the DDoS, the attackers coordinate the data theft.

DDoS attacks are also being used for cyber extortion. We’ve seen an increase in this tactic during the pandemic and are still seeing it occur today on a worldwide basis.

Double extortion are ransomware breaches where the criminals first hold an organization’s data hostage with encryption and threaten to leak or sell their exfiltrated data unless paid. These ransomware gangs are now adding DDoS attacks to their campaigns to triple extort their victims.

What are the best cybersecurity practices in a wealth management setting?

Alex: We’ve seen recently that cybercriminals have been reaching their intended targets by infiltrating commonly used software or solutions first and exploiting those weaknesses as a way of gaining unauthorized access to an organization’s network. What are your thoughts on the best approach to defending against cybersecurity attacks and protecting advisors and their clients?

Michael: One thing that hasn’t changed is that companies need IT solutions that are free from potential attacks, and these solutions must be scalable and trustworthy. Without this, how can you trust that your network is secure?

First, you must have full visibility into your network. If you can’t see it, you can’t prevent it. NETSCOUT goes to great lengths to help our clients have the utmost visibility across their entire digital enterprise as one of our services offered.

Second, companies need security protection at the perimeter of their network—we use Arbor Edge Defense (AED)—to automatically detect and mitigate inbound and outbound attacks or indicators of compromise (IoC). Situated on the customer premises between the internet router and firewall, AED protects data going in and out. This essentially acts as a first and last line of defense for organizations.

Finally, there’s no question that devices on the customer premises are more responsive than cloud-based solutions that are remote. Of course, you need the cloud-based solutions, but they are not enough.

Alex: Strong analytic capabilities are also key to understanding what’s normal activity on your network and better identifying what’s not. In keeping information assets secure across a dispersed workforce, we need to make sure our defenses are built on a strong foundation regardless of geographic location.

You might also be interested in this blog post by Alex Cunningham: How to build a people-centric information security ethos.

NETSCOUT protects enterprises from cyberattack disruptions and solves their most challenging network performance and security problems. Using its patented and proprietary Smart Data technology and continuous monitoring, NETSCOUT provides real-time, pervasive visibility, and the insights customers need to accelerate and secure their digital transformation.

Alex Cunningham is Senior Vice President, Chief Information Security Officer at Advisor360°. He leads the Information Security team in protecting the Advisor360° enterprise, keeping all company and client data safe and secure.