That made planning for disruptions comparatively straightforward: you knew where everyone was located, you had complete visibility over your threat landscape and you could communicate with everyone directly.
But hybrid working complicates that. Although it comes with huge logistical and financial benefits – plus it makes employees happier – it also creates new risks that organisations must plan for.
In a crisis, the team must be reachable to ensure the plan is enacted and to manage how it unfolds. They might, for example, need to approve additional actions or adjust the plan depending on the organisation’s ability to complete certain actions.
But problems might arise if the organisation’s email platform or telecommunications service is affected. Most CIR plans involve one point of contact with whom employees should coordinate the response effort.
One way to address this is to provide key members of the response effort with work phones. This ensures that they can be contacted no matter where they are, and gives them a chance to coordinate their team’s response.
This is even more important in a hybrid work scenario, because remote employees can’t rely on the sort of step-by-step guidance that might be possible if they were in the office. Instead, they must have the wherewithal to complete any necessary processes themselves.
So how should organisations approach employee education? Heath Renfrow, the director and vCISO at the Crypsis Group, notes that with hybrid working organisations are used to the idea of dispersed workforces.
Organisations can also teach their staff about the fundamentals of incident response with our Cyber Incident Response Management (CIRM) Foundation Training Course.
- How to recognise common cyber threats and understand threat actors;
- The components of the cyber kill chain; and
- How to define the structure roles and responsibilities of the cyber incident response team.
As we’ve previously discussed, hybrid working introduces new cyber security risks. One you have to be particularly concerned about when developing an incident response plan relates to the privileges afforded to your employees.
Before the pandemic, an organisation’s incident response team would likely have been office-based, so they could be physically present to address disruptions or contact a remote specialist to investigate the problem.
But when organisations were forced to adopt remote working, this became an issue. Key employees weren’t able to be in the office, so organisations responded by granting elevated privileges to home-based staff.
Doing so simplifies the incident response process, giving employees the ability to perform actions that would previously been possible by people with admin rights – but it introduces significant risks.
If an account with elevated privileges is compromised, it makes it easier for the attacker to cause greater damage and may reduce the need for them to perform more complex attacks to elevate their privilege.
Despite the risk, many organisations have resorted to elevating privileges. According to a Netwrix study, 85% of CISO said they sidestepped existing cyber security controls in order to support their remote workforces.
The alternative is to use a remote desktop service, handing control to a member of your incident response or IT team. This will be time-consuming, and will result in a longer recovery time, but it is a much safer option and mitigates the risk of a breach occurring.
You can learn more about the compliance risks of hybrid working by watching How to Navigate and Implement a Successful Hybrid Workforce .
- How the shift to hybrid working impacts organisations;
- The privacy and cyber security risks organisations face during and after the transition to a hybrid working model;
- Key areas organisations must consider when operating under a hybrid working model; and
- Six practical steps to successfully implement hybrid working.