#NSBCS.058 - From Office to Anywhere: Governance and Compliance in the Hybrid Work Age
Source: NSB Cyber
From Office to Anywhere: Governance and Compliance in a Hybrid Workforce
The shift to hybrid work has transformed how organisations operate, introducing new challenges for governance, risk, and compliance (GRC). It has created risks unique to hybrid work and a need for strategies that address them, so that security and compliance are maintained in a distributed work environment.
Hybrid work models blend in-office and remote work, offering flexibility but also creating vulnerabilities. In Australia, businesses have increasingly adopted hybrid models, leveraging technologies such as cloud computing and virtual collaboration tools. However, this shift has expanded the attack surface, making it critical for organisations to reassess their GRC frameworks. The reliance on personal devices, home networks, and cloud-based applications has created new security and compliance challenges. Furthermore, Australian regulations such as the Privacy Act 1988 and industry-specific standards require organisations to adopt robust security measures to protect sensitive data. Ensuring that employees and systems remain secure while maintaining regulatory compliance is now a top priority for organisations.
The rapid adoption of hybrid work has outpaced many organisations’ ability to adapt their policies and technologies. The Australian Cyber Security Centre (ACSC) has highlighted the increased risks of ransomware, phishing, and supply chain attacks in remote work scenarios. Organisations must address these risks proactively while aligning with national standards like the Essential Eight to enhance cyber resilience.
Key Risks in Hybrid Work
Increased Endpoint Vulnerabilities: Remote devices, often outside the corporate network, are more susceptible to malware and phishing attacks.
Data Privacy Challenges: Handling sensitive information outside secure office environments increases the risk of data breaches and unauthorised access.
Compliance Complexities: Ensuring adherence to regulations or industry-specific standards becomes more challenging with a distributed workforce.
Insider Threats: Unmonitored remote work environments can lead to accidental or intentional insider attacks.
Cloud Security Risks: Increased reliance on cloud services requires robust controls to prevent unauthorised access and data leakage.
Strategies to Address Hybrid Work Risks
1. Strengthen Endpoint Security: Deploy endpoint detection and response (EDR) solutions, ensure devices are regularly patched, and enforce the use of secure configurations.
2. Enhance Data Protection: Implement encryption for sensitive data, use data loss prevention (DLP) tools, and monitor data flows to prevent unauthorised access.
3. Adopt Secure Collaboration Tools: Choose platforms with robust security features, such as end-to-end encryption, to protect communication and file sharing.
4. Regularly Review Compliance: Conduct periodic audits to ensure that your organisation’s policies align with relevant regulations and standards.
5. Foster a Security-First Culture: Provide ongoing training to employees on hybrid work security best practices, such as recognising phishing attempts and using VPNs.
6. Develop Incident Response Plans: Create and test response plans tailored to the hybrid work environment to ensure quick and effective action in the event of a breach.
7. Implement Access Controls: Enforce strict identity and access management policies to ensure only authorised users can access critical systems and data.
By updating their GRC strategies, organisations can mitigate these risks and ensure a secure and compliant hybrid work environment. A proactive approach to governance, risk management, and compliance will enable businesses to thrive in this new normal. Building resilience in a distributed workforce is essential for long-term success in today’s interconnected world.
What we read this week
Chained Vulnerabilities Exploitation in Ivanti Cloud Service Applications - Threat actors are actively exploiting multiple vulnerabilities in Ivanti cloud service applications in combination, as confirmed by joint CISA-FBI advisories. Attackers are chaining flaws to gain initial access, escalate privileges, and exfiltrate data from compromised networks. The agencies strongly urge immediate patching, multifactor authentication, network segmentation, and hardened configurations to reduce exposure. Their analysis highlights sophisticated TTPs, emphasising the urgent need to follow recommended mitigations. Organisations should prioritise updates, review logs, and enforce least-privileged access to prevent further infiltration and compromise.
Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices from Botnet - A Mirai-based botnet has reportedly launched a distributed denial-of-service (DDoS) attack measuring a record 5.6 terabits per second. This high-volume offensive was detected in January 2025 and is believed to be one of the largest ever recorded. According to The Hacker News, the botnet harnessed poorly secured Internet of Things (IoT) devices to flood its target with malicious traffic; the attack lasted only 80 seconds and originated from over 13,000 IoT devices. Although the specific victim remains undisclosed, security experts emphasise urgent patching of IoT endpoints, implementing robust network segmentation, and adopting best practices to mitigate risks, as DDoS attacks continue to escalate in scale and frequency.
Ukraine CERT impersonation campaign leverages AnyDesk - Hackers are impersonating Ukraine’s cybersecurity agency, CERT-UA, to trick recipients into installing AnyDesk remote desktop software. The phishing emails claim to contain official guidance or urgent updates, prompting unsuspecting users to grant attackers unauthorised access. Once installed, threat actors can remotely control targeted devices, steal data, and deploy further malware. The campaign mirrors ongoing tensions around Ukraine’s cybersecurity landscape, where attackers exploit trust in legitimate agencies. Experts advise verifying message authenticity and installing software only from trusted sources, emphasising that vigilance and thorough checks are essential to prevent compromise.
Ransomware Groups Impersonate MS Teams IT Support - Ransomware gangs are impersonating IT support in Microsoft Teams phishing attacks, warns BleepingComputer. By gaining unauthorised access to Teams channels, threat actors pose as legitimate staff members to trick unsuspecting employees into installing malware or providing credentials. This social engineering tactic capitalises on the trust users place in internal communications platforms, potentially granting attackers lateral movement and eventual network-wide compromise. Experts recommend implementing multifactor authentication, restricting guest access, and offering employee training to verify suspicious requests. Users are strongly urged to remain vigilant, as these attacks continue to evolve in scale and sophistication.
Supply Chain Attack exploiting Chrome Extensions Uncovered - Sekoia has discovered a supply-chain attack on Google Chrome browser extensions, where attackers compromised developer accounts or distribution channels to inject malicious updates. This tactic allows threat actors to collect personal information, steal passwords, and install further malware. Several popular extensions are affected, showing how quickly these intrusions can spread. To reduce exposure, security experts recommend thorough code reviews, multi-factor authentication for developer accounts, and ongoing monitoring of extension changes. Both developers and end users should remain vigilant to minimise the risk of compromise and unauthorised access.
References
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a
https://thehackernews.com/2025/01/mirai-botnet-launches-record-56-tbps.html
http://therecord.media/fake-ukraine-cert-anydesk-requests-hackers
https://www.bleepingcomputer.com/news/security/ransomware-gangs-pose-as-it-support-in-microsoft-teams-phishing-attacks/
https://blog.sekoia.io/targeted-supply-chain-attack-against-chrome-browser-extensions/