What CISOs Should Know About Returning to the Office
Infosecurity leaders are facing a few fundamental challenges when it comes to the return to a physical office space. One of the biggest challenges is the visibility CISOs have lost into employee endpoints. Many employees’ devices have been on an open home network for over a year, so it is tough to determine where they all stand from an endpoint protection perspective. Additionally, the rapidly evolving nature of the threat landscape is a huge issue.
Malicious actors are performing attacks with a new level of sophistication and speed. For example, we found that two-thirds of organizations have been targeted by ransomware over the past year and that same percentage witnessed incidents of counter incident response since the start of the pandemic. This reflects the increasingly destructive nature of cybercrime today and why cybersecurity teams are feeling the fatigue. Between the global skills gap and short-staffed security teams facing an onslaught of attacks, organizations are struggling to find an effective security posture.
Additionally, CISOs and security teams need to keep the idea of malicious insiders on their radar. Insider threats have become increasingly common over the past year, as many people were strapped for cash and looking for quick avenues to make money. This occurs when someone within the organization uses forums to sell credentials to cybercriminals outside of the organization.
These attackers have a goal of penetrating environments and performing credential harvesting. If CISOs can build a program designed to detect those insider threats, their organizations will be better equipped than those that do not.
How do employees’ personal devices impact an organization’s security posture? How can organizations proactively address the risk?
Employees’ personal devices pose a huge risk to an organization’s security posture. CISOs now face the task of gaining back the visibility that was lost when the shift to remote work began in March 2020. Having good endpoint detection and response is key. Using tactics like threat hunting can significantly strengthen an organization's security posture. A recent survey found that 81% of respondents are already conducting threat hunting, which indicates that CISOs and security teams are looking to proactively protect their organization.
Additionally, organizations should consider a cloud-first approach for improved network and endpoint security that serves an anywhere workforce. This will help with security posture as many employees will still choose to work remotely even after COVID-19 restrictions are lifted or in the case of future events that may require immediate remote work, such as power outages or chemical spills.
We often hear security is a shared responsibility - so how can employees not in security do their part?
As cybercriminals become increasingly savvy, and our devices become a key part of both our professional and private lives, multi-factor authentication is a great form of security that the everyday employee can utilize. Using a password is as antiquated as using a standard key on your front door: it's locked, but someone can easily copy the key and get access. For this reason, it’s important to prioritize multi-factor authentication, in the form of behavioral and continual authentication, and move away from a central store of identities, which can easily be hacked.
One good thing that resulted from the COVID-19 pandemic is increased awareness around security. Before, you heard a lot of talk about the rocky relationship between security and IT teams, as well as the lack of budget for security projects. Now businesses are seeing much more of a partnership between the two teams, as well as increased budget to enhance security measures across all levels of the organization. From an individual standpoint, employees can help secure the organization by ensuring they are working on secure networks when out of the office, as well as implementing two-factor authentication as an extra precaution against attackers.
Are there any best practices for CISOs and their security teams as they plan a return to office, full-time or in a hybrid capacity?
Overall, organizations are looking at a few avenues as they plan to return to the office. Many are taking a tiered approach and bringing employees back slowly. This will help minimize the number of notifications to their in-office IT system as technologies that have not been connected for over a year start to reconnect to the network. Another effective practice is the implementation of a “quarantine network.” This will be key to securing an organization’s network as employees bring their devices back to work. A “quarantine network” attaches to a network that is micro-segmented and will run patching updates to security software first.
As part of the return to office plan, CISOs should consider including a refresher course, reminding employees of common tactics cybercriminals use to invade networks such as phishing emails. Advising employees to keep an eye out for small tricks like that can make a huge difference in the long run when it comes to protecting your network.