The Expanding Cyber Attack Surface: The Era of Remote Working

As organisations worldwide embrace remote working for their employees, clients, and third-party suppliers, the traditional perimeter-based security model has become outdated. The global shift to remote work has exponentially increased the cyber attack surface, exposing companies to a broader range of threats. No longer confined to the security protections of corporate offices, employees and partners are accessing critical systems from personal devices, home networks, and insecure locations.

This article explores the new cyber risks associated with a dispersed, global workforce and offers strategic recommendations for mitigating these risks.


The Increasing Attack Surface: A New Reality

In 2020, the rapid transition to remote working environments saw cybercriminals quickly adapt their strategies to exploit new vulnerabilities. According to a report by Bitdefender, cyberattacks targeting remote workers surged by 238% during the COVID-19 pandemic. Attackers recognised the opportunity in home networks, poorly configured virtual private networks (VPNs), and personal devices that often lack enterprise-level security protections.

A key concern is that traditional security models were designed for a workforce that operates within the physical confines of a corporate office, protected by firewalls, network monitoring, and endpoint protection solutions. The decentralisation of these workforces—along with the increasing reliance on third-party suppliers—has introduced new security challenges:

  • Home Network Vulnerabilities: Unlike corporate networks, home Wi-Fi networks are often inadequately secured, with default passwords, outdated firmware, and shared access between family members.
  • Insecure Devices: Many employees use personal (Bring Your Own Device - BYOD) laptops, smartphones, or tablets to access corporate IT networks and systems, creating potentially insecure entry points for attackers if these devices are compromised or have not been patched with the latest security updates.
  • Third-Party Risks: Suppliers and contractors now access critical systems remotely, and their security practices are often inconsistent with an organisation’s internal security protocols, increasing supply chain risks.
  • Phishing and Social Engineering: With employees working outside the protection of office infrastructure, phishing attacks have become easier to execute. According to the Verizon Data Breach Investigations Report (DBIR) 2023, 36% of breaches involved phishing, a number that has risen with the increase in remote working.

Real-World Example: In 2021, Colonial Pipeline suffered a ransomware attack that disrupted fuel distribution across the U.S. The attack was enabled by a compromised VPN account that lacked multi-factor authentication (MFA), illustrating the risks associated with remote access to critical infrastructure. The fallout from this attack demonstrated how the expansion of the attack surface could have devastating operational and financial impacts.


The New Threat Landscape: Digital and Cybersecurity Risks

The shift to remote working has introduced several new vulnerabilities that organisations must address to secure their operations. The following sections outline the primary digital and cybersecurity risks faced by global organisations today:

1. Weak Remote Access Security

Remote work environments often rely on VPNs, cloud-based services, and remote desktop tools to enable employees to access corporate networks. However, without proper security configurations, these remote access points become prime targets for attackers. As seen in the Colonial Pipeline attack, VPN vulnerabilities and weak authentication methods can allow cybercriminals to gain unauthorised access to critical systems.

Organisations must address remote access security by:

  • Enforcing MFA across all remote access points to ensure that compromised credentials alone do not grant access to corporate systems.
  • Implementing Zero-Trust Architecture, where no device or user is trusted by default, requiring constant verification and limiting access to only what is necessary.
  • Regularly auditing VPN configurations and remote desktop settings to ensure they are up to date with security best practices.
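One way to audit for the gap described above, successful VPN sessions that used no second factor, shown as an added example that is not part of the original article. The key=value log format, the field names and the account names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in a hypothetical key=value VPN gateway log format.
SAMPLE_LOG = """\
2024-03-01T08:02:11Z user=asmith src=203.0.113.10 result=success mfa=totp
2024-03-01T08:05:40Z user=svc-legacy src=198.51.100.7 result=success mfa=none
2024-03-01T08:06:02Z user=jdoe src=192.0.2.44 result=failure mfa=none
2024-03-01T09:15:27Z user=svc-legacy src=198.51.100.99 result=success mfa=none
2024-03-01T09:20:00Z user=jdoe src=192.0.2.44 result=success mfa=push
malformed line without fields
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"user", "src", "result", "mfa"}
NO_SECOND_FACTOR = {"none", "-", "skipped"}  # assumed markers for "no MFA used"

def parse_line(line):
    """Return the record's fields (plus 'ts'), or None if it is not a login record."""
    parts = line.split(None, 1)
    if len(parts) != 2:
        return None
    fields = dict(FIELD_RE.findall(parts[1]))
    if not REQUIRED <= fields.keys():
        return None
    fields["ts"] = parts[0]
    return fields

def single_factor_logins(log_text):
    """Summarise, per account, the successful logins that used no second factor."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed or unrelated lines instead of failing the audit
        if rec["result"] == "success" and rec["mfa"].lower() in NO_SECOND_FACTOR:
            sessions[rec["user"]].append(rec)
    return {
        user: {
            "count": len(recs),
            "first_seen": min(r["ts"] for r in recs),  # ISO timestamps sort as text
            "sources": sorted({r["src"] for r in recs}),
        }
        for user, recs in sessions.items()
    }

if __name__ == "__main__":
    for user, info in single_factor_logins(SAMPLE_LOG).items():
        print(f"{user}: {info['count']} password-only sessions from {info['sources']}")
```

Accounts that appear in the result are candidates for MFA enrolment or for removal if they are no longer needed.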

Quote: "The remote workforce has transformed how companies operate, but it's also stretched security teams thin. Organisations can no longer assume that any device or connection is safe, especially as employees log in from coffee shops, airports, and home offices." - Chad Skipper, Global Security Technologist at VMware.


2. Increased Endpoint Vulnerabilities

With employees using personal devices for work, these endpoints have become one of the most vulnerable parts of an organisation’s network. Many personal devices lack the same endpoint protection software that corporate-managed devices have, and their users often do not adhere to strict patching or security protocols.

To reduce the risk of endpoint vulnerabilities, businesses should:

  • Deploy Endpoint Detection and Response (EDR) solutions that can monitor devices for suspicious activity, even if they are outside the corporate network.
  • Implement Mobile Device Management (MDM) systems to ensure security policies are enforced on all personal devices accessing corporate resources, such as encryption, remote wiping, and application control.
  • Ensure regular patching and updates of operating systems and software on all devices, whether personal or company-issued.

How well protected are the personal devices your employees use to access critical business systems?


3. Supply Chain and Third-Party Risks

Third-party vendors, suppliers, and contractors often have access to sensitive systems and data, but may not have the same stringent security measures as the organisation itself. Remote work has further amplified this risk, as many third-party actors are now accessing these systems from potentially insecure networks.

According to a report by ENISA, 58% of organisations experienced a third-party breach in 2023, with many of these incidents linked to poor remote security practices. Supply chain attacks are particularly dangerous as they can go undetected for extended periods of time, providing attackers with persistent access to critical infrastructure.

To manage third-party risks, companies should:

  • Conduct thorough risk assessments of third-party suppliers, ensuring they comply with robust cybersecurity standards.
  • Limit third-party access to only the systems and data necessary for their role, using role-based access control.
  • Monitor third-party activity on corporate systems through advanced logging and alerting tools to detect any suspicious behaviour.

Real-World Example: The SolarWinds breach in 2020 and the exploitation of the MOVEit zero-day vulnerability in 2023 revealed the extent to which a third-party vendor could introduce risk to global organisations. Attackers compromised SolarWinds' Orion software, distributing malware to over 18,000 companies and government entities worldwide, leading to a widespread espionage campaign. With MOVEit, attackers (specifically the notorious Clop ransomware and extortion gang) raided MOVEit File Transfer servers in use around the world and stole the sensitive customer data stored on them.

What measures are in place to monitor and control third-party access to your critical systems?


4. Phishing and Social Engineering

Phishing attacks remain one of the most effective methods for cybercriminals to gain access to corporate networks. Remote workers, who are often more isolated from colleagues and support teams, can be more susceptible to phishing emails that trick them into revealing credentials or downloading malware.

The Verizon DBIR found that 85% of breaches involved some form of human element, often through phishing or social engineering. Attackers have become more sophisticated, using well-crafted emails or deepfake AI that mimics legitimate requests from managers or IT support.

To combat phishing and social engineering, organisations should:

  • Implement advanced email filtering that uses AI to detect and block phishing attempts before they reach users.
  • Run regular phishing simulations and training for employees to help them recognise and avoid phishing attempts.
  • Enforce strict email security policies, including the use of MFA and DMARC to prevent email spoofing.


Tackling the Expanding Attack Surface: Strategic Recommendations

As organisations continue to operate with a global, remote workforce and supply chain, they must adopt a comprehensive security strategy that addresses these new vulnerabilities. Below are key recommendations to tackle the expanding attack surface:

  1. Adopt a Zero-Trust Approach: Zero-Trust assumes that every user, device, and network is untrusted until proven otherwise. This requires continuous verification and granular access control to protect corporate systems from unauthorised access.
  2. Invest in EDR and MDM Solutions: With endpoints being a primary attack vector, investing in Endpoint Detection and Response (EDR) and Mobile Device Management (MDM) solutions is critical for monitoring and securing devices outside the corporate network.
  3. Harden Remote Access with MFA and Encryption: Multi-factor authentication (MFA) should be mandatory for all remote access points, and encryption should be applied to data in transit to prevent interception by attackers.
  4. Conduct Regular Security Audits and Risk Assessments: Continuous auditing of security configurations, especially VPNs, cloud services, and remote access tools, can help identify weaknesses before they are exploited.
  5. Enhance Third-Party Security Oversight: Implement strict vetting processes and continuously monitor third-party access to ensure they comply with cybersecurity best practices.
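The recommendations above combine into a per-request access decision: identity (MFA), device posture (MDM enrolment, encryption, patch level) and role scope are all checked every time, and anything unknown is denied. This is an added sketch, not from the original article; the role names, resource names and the 30-day patch threshold are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical role scopes and threshold, constructed for this example.
ROLE_SCOPES = {
    "finance-staff": {"erp", "mail"},
    "supplier-logistics": {"shipping-api"},  # third party: one system only
}
MAX_PATCH_AGE_DAYS = 30

@dataclass
class AccessRequest:
    user: str
    role: str
    resource: str
    mfa_passed: bool
    mdm_enrolled: bool
    disk_encrypted: bool
    patch_age_days: int

def evaluate(req):
    """Return (allowed, reasons); access is granted only when no check fails."""
    reasons = []
    if not req.mfa_passed:
        reasons.append("MFA not completed")
    if not req.mdm_enrolled:
        reasons.append("device not enrolled in MDM")
    if not req.disk_encrypted:
        reasons.append("disk encryption disabled")
    if req.patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append(f"last patched {req.patch_age_days} days ago")
    scope = ROLE_SCOPES.get(req.role)
    if scope is None:
        reasons.append(f"unknown role {req.role!r}")  # default deny
    elif req.resource not in scope:
        reasons.append(f"{req.resource!r} is outside the scope of {req.role!r}")
    return (not reasons, reasons)

# Constructed requests: a compliant employee, a supplier reaching beyond its
# scope, and a valid password used from an unmanaged, unpatched device.
EMPLOYEE = AccessRequest("asmith", "finance-staff", "erp", True, True, True, 4)
SUPPLIER = AccessRequest("vendor1", "supplier-logistics", "erp", True, True, True, 10)
STOLEN = AccessRequest("jdoe", "finance-staff", "mail", False, False, True, 90)

if __name__ == "__main__":
    for req in (EMPLOYEE, SUPPLIER, STOLEN):
        allowed, reasons = evaluate(req)
        print(req.user, "ALLOW" if allowed else f"DENY: {'; '.join(reasons)}")
```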

What steps is your organisation taking to ensure that your global workforce and third-party suppliers adhere to the highest cybersecurity standards, especially in remote settings?


Conclusion: Securing the Future of Remote Work

The transition to a remote, global workforce has permanently altered the cyber landscape, expanding the attack surface and introducing new challenges for businesses worldwide. The solution lies in adopting a proactive, multi-layered security approach that includes Zero-Trust, endpoint protection, third-party risk management, and phishing defences.

As Mikko Hypponen, Chief Research Officer at F-Secure, famously said, "If it’s smart, it’s vulnerable." In a world where employees, partners, and suppliers connect to corporate systems from anywhere in the world, this truth has never been more relevant.

By staying ahead of emerging threats and ensuring that every element of the business is secure, organisations can thrive in the remote working era without falling victim to the ever-growing cyber threats.

Sabine VanderLinden

Activate Innovation Ecosystems | Tech Ambassador | Founder of Alchemy Crew Ventures + Scouting for Growth Podcast | Chair, Board Member, Advisor | Honorary Senior Visiting Fellow-Bayes Business School (formerly CASS)

1 month ago

Remote work's security risks demand robust defensive strategies.
