Employees will be making their way back to the office sooner rather than later. Here’s how security pros can plan for the next new normal.
Via Dark Reading:
Security teams have learned many lessons during the pandemic. Everything from zero trust to better authentication methods and behavioral analytics has become a front-burner item.
And for good reason. The pandemic accelerated digital transformation, which expanded the threat landscape as entire office buildings of people moved home to work. Now, as offices reopen, security will remain just as challenging as workers split their time between the office and home and resume business travel.
“The past year should have been a wake-up call to security teams that have been resistant to change,” says Yaniv Bar-Dayan, co-founder and CEO of Vulcan Cyber. “As remote working becomes the norm even after the pandemic subsides, it’s critical to have an agile security team and infrastructure. Companies must carefully orchestrate and manage remediation activities, and organizations must continue to look for new ways to stay nimble, collaborative, and ready for the ever-evolving threat landscape.”
Security pros offer seven strategies to successfully manage the transition:
Treat All Returning Endpoints as High Risk
Companies really need to get serious about hardening employee laptops, says Oliver Tavakoli, chief technology officer at Vectra. A laptop that has spent a year on a home network should be treated as untrusted until it has been patched and inspected. Security teams that have not already deployed an endpoint detection and response (EDR) platform should do so before the majority of workers come back to the office.
Watch Out for Intrusions with Long Dwell Times
It takes more than six months for a typical organization to detect and respond to a modern cyberattack. Once attackers gain access to a corporate device or network, they are in no hurry to move from server to server looking for their target, because that kind of activity could draw the attention of IT and security analysts. Instead, they take small, benign-looking steps and lie dormant for weeks or months in between. IT and security analysts often lack the tools to correlate these weak signals into a picture of an attack in progress, and they cannot correlate events that occur weeks or even months apart. This gap in security coverage should concern organizations.
Provide Security Awareness Training for Returning Workers
Scams could include fraudulent promotions and deals for corporate travel, such as emails promising special bonuses for returning to normal travel levels, he says. Employees will also need to stay on guard about what they share on social media, taking care not to tip off attackers that the organization is going through a difficult transition. That initial chaos is open season for attackers.
Leverage Behavioral Analytics
Some portion of the workforce will continue to work from home as others return to the office. Others will take a hybrid approach, working one or two days a week from home, and some will resume traveling. Companies will need to look for anomalies that do not fit a user's established pattern, for example a user who logs on from China, or at a different time of day than usual, when nothing about the user's role explains it.
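The two detection problems raised above, correlating weak signals that are months apart and spotting logins that break a user's baseline, as an added Python example that is not part of the Dark Reading article or any vendor's tooling. The log lines and their field layout, the set of "weak signal" event types, the 180-day window, the three-signal threshold, the three-login baseline and the two-hour tolerance on login hour are all constructed assumptions.

```python
"""Two detections from the section above, on constructed log data.

Added example, not from the Dark Reading article or any vendor product.
Assumptions: the log format (ts user host country event), the set of
'weak signal' event types, the 180-day window, the three-signal threshold,
the three-login baseline and the two-hour tolerance are all made up here.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one slow campaign on wks-17 spread over two months,
# plus a user (bob) whose behaviour never changes.
SAMPLE_LOG = """\
2021-01-04T09:02:11Z alice wks-17 US login_ok
2021-01-11T08:55:40Z alice wks-17 US login_ok
2021-01-12T09:10:02Z alice wks-17 US login_ok
2021-01-20T09:30:15Z alice wks-17 US new_service_installed
2021-02-18T23:41:09Z alice wks-17 CN login_ok
2021-02-18T23:44:52Z alice wks-17 CN scheduled_task_created
2021-03-21T02:13:30Z alice wks-17 CN lsass_access
2021-01-05T10:00:00Z bob wks-22 US login_ok
2021-02-05T10:05:00Z bob wks-22 US login_ok
"""

# Event types that are easy to explain away individually (assumed list).
WEAK_SIGNALS = {"new_service_installed", "scheduled_task_created", "lsass_access"}


def parse_log(text):
    """Parse the constructed format into dicts sorted by timestamp."""
    events = []
    for line in text.splitlines():
        ts, user, host, country, etype = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "host": host, "country": country, "type": etype,
        })
    return sorted(events, key=lambda e: e["ts"])


def correlate_weak_signals(events, window_days=180, min_signals=3):
    """Long-dwell correlation: per host, count distinct weak-signal types inside
    a sliding window measured in months, not minutes. Returns
    {host: (first_ts, last_ts, [signal types])} for hosts over the threshold."""
    by_host = defaultdict(list)
    for e in events:
        if e["type"] in WEAK_SIGNALS:
            by_host[e["host"]].append(e)
    window = timedelta(days=window_days)
    hits = {}
    for host, sigs in by_host.items():
        for i, start in enumerate(sigs):
            in_window = [s for s in sigs[i:] if s["ts"] - start["ts"] <= window]
            kinds = {s["type"] for s in in_window}
            if len(kinds) >= min_signals:
                hits[host] = (start["ts"], in_window[-1]["ts"], sorted(kinds))
                break
    return hits


def login_anomalies(events, baseline_logins=3, hour_tolerance=2):
    """Behavioural baseline: learn each user's countries and login hours from
    their first N successful logins, then flag later logins that break it.
    (Hour comparison ignores midnight wrap-around; a real baseline would not.)"""
    baseline = defaultdict(lambda: {"countries": set(), "hours": set(), "n": 0})
    flagged = []
    for e in events:
        if e["type"] != "login_ok":
            continue
        b = baseline[e["user"]]
        if b["n"] < baseline_logins:
            b["countries"].add(e["country"])
            b["hours"].add(e["ts"].hour)
            b["n"] += 1
            continue
        reasons = []
        if e["country"] not in b["countries"]:
            reasons.append(f"new country {e['country']}")
        if not any(abs(e["ts"].hour - h) <= hour_tolerance for h in b["hours"]):
            reasons.append(f"unusual hour {e['ts'].hour:02d}")
        if reasons:
            flagged.append((e["user"], e["ts"], reasons))
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for host, (first, last, kinds) in correlate_weak_signals(evs).items():
        print(f"{host}: {len(kinds)} distinct weak signals between "
              f"{first.date()} and {last.date()}: {kinds}")
    for user, ts, reasons in login_anomalies(evs):
        print(f"{user} at {ts.isoformat()}: {', '.join(reasons)}")
```

Each of the three events on wks-17 would pass unnoticed on its own; only a window long enough to hold all three turns them into one finding. The login check is deliberately simple (a fixed-size baseline, no seasonality, no midnight wrap-around), which is enough to show why the January logins and the February login from a new country and hour do not belong to the same pattern.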
Pay Closer Attention to Vulnerability Remediation
Companies that were able to quickly pivot from brick-and-mortar to online operations, logistics, and sales models, or to embrace digital transformation, have been able to realize the business value of cloud-native technologies. Those in highly regulated industries, such as finance and healthcare, moved more slowly and have faced greater business and security challenges. As companies return to the office, they should build task forces for the most critical vulnerabilities in their enterprise infrastructure. Security and IT teams can't do it alone: they need to invest in collaboration platforms that bring teams together, rather than relying on a confusing array of Excel spreadsheets and communication channels. And finally, they need to establish clear and uniform key performance indicators for remediation, such as how quickly critical vulnerabilities are closed.
Use Identity and Access Management to Complement VPNs
The evolution to a hybrid work environment over the next several months means security must shift from a perimeter- and network-based model to one built on identity and privileged access management. Security teams will have to treat devices that have left the traditional office perimeter the same way they treat bring-your-own-device (BYOD) units, says Thycotic's Carson. That means placing untrusted devices on segregated networks while securing their access with strong privileged access controls, so that productivity does not suffer.
Consider Segmentation Technologies
The industry has to come to grips with the reality that it will sometimes fail, says Andrew Rubin, co-founder and CEO of Illumio. Just look at the past several months, with major hacks involving SolarWinds and Microsoft Exchange. Especially as employees head back to the office, security pros should look for solutions that segment workloads and endpoints, so that if and when a server is compromised the team can isolate it before it infects the rest of the systems on the network. Security teams can limit spread by setting rules and policies for which systems are allowed to talk to one another.
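A minimal version of the allow-list policy described above, as an added Python example rather than the article's or Illumio's code. The zones, hosts, ports, flow records and the "quarantine" mechanism are constructed assumptions; the point is default-deny between zones plus an isolation step that cuts a compromised host off from everything except the SOC.

```python
"""Allow-list segmentation policy evaluated against constructed flow records.

Added example, not the article's or Illumio's code. The zones, hosts, ports,
flows and the 'quarantine' mechanism are assumptions made for illustration.
"""
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport")

# Constructed host-to-zone inventory.
ZONES = {
    "web-01": "web", "web-02": "web",
    "app-01": "app",
    "db-01": "db",
    "wks-17": "endpoints", "wks-22": "endpoints",
    "soc-jump": "soc",
}

# The policy: (src_zone, dst_zone, dport) tuples that are allowed to talk.
# Everything not listed is denied, including endpoint-to-endpoint traffic
# and any tier reaching past its neighbour.
ALLOW = {
    ("endpoints", "web", 443),
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("soc", "web", 22),
    ("soc", "app", 22),
    ("soc", "db", 22),
    ("soc", "endpoints", 22),
    ("soc", "quarantine", 22),   # only the SOC may reach an isolated host
}


def zone_of(host, quarantined):
    """A quarantined host loses its normal zone, so all its usual flows fail."""
    if host in quarantined:
        return "quarantine"
    return ZONES.get(host, "unknown")


def evaluate(flows, quarantined=frozenset()):
    """Return (flow, verdict, zone path) for each flow under the allow-list."""
    results = []
    for f in flows:
        sz, dz = zone_of(f.src, quarantined), zone_of(f.dst, quarantined)
        verdict = "allow" if (sz, dz, f.dport) in ALLOW else "deny"
        results.append((f, verdict, f"{sz}->{dz}:{f.dport}"))
    return results


def denied(flows, quarantined=frozenset()):
    """Just the flows the policy would block."""
    return [f for f, v, _ in evaluate(flows, quarantined) if v == "deny"]


# Constructed flow records, as a flow collector might export them.
SAMPLE_FLOWS = [
    Flow("wks-17", "web-01", 443),    # user to web tier: allowed
    Flow("web-01", "app-01", 8443),   # web to app: allowed
    Flow("app-01", "db-01", 5432),    # app to db: allowed
    Flow("web-01", "db-01", 5432),    # web skipping the app tier: denied
    Flow("wks-17", "wks-22", 445),    # endpoint-to-endpoint SMB: denied
    Flow("soc-jump", "web-01", 22),   # SOC admin access: allowed
]


if __name__ == "__main__":
    print("Normal operation:")
    for f, verdict, path in evaluate(SAMPLE_FLOWS):
        print(f"  {verdict:5} {f.src} -> {f.dst}:{f.dport} ({path})")
    print("After quarantining web-01:")
    for f, verdict, path in evaluate(SAMPLE_FLOWS, quarantined={"web-01"}):
        print(f"  {verdict:5} {f.src} -> {f.dst}:{f.dport} ({path})")
```

Two things are worth noticing when it runs. Under normal operation the web tier cannot reach the database directly and one workstation cannot reach another over SMB, which is exactly the lateral movement a compromised box would attempt. Once web-01 is quarantined, every flow it initiates or receives is denied except the SOC's SSH session, so the rest of the tiers keep working while the incident is handled.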