While the initial urgencies brought about by the sudden need for many to move into remote working are beginning to diminish, chief information security officers (CISOs) need not only to focus on new risks and threats, but also to address existing security-related challenges across a far more dispersed environment.
By Stefan van de Giessen
CISOs now need to replicate security measures over hundreds of internal and home networks, and the needs have become more critical, very quickly – in essence requiring security managers to play catch-up.
Securing the endpoints
The edge of the network is, for all intents and purposes, gone and has been replaced by a new endpoint edge for employees working from home using laptop computers, tablets and phones. These endpoints provide entry points for wider network penetration by a threat actor, which could harm the organisation.
Endpoint protection therefore plays a critical role in the overall protection of the network in safeguarding valuable data and information.
When we look at how to protect this new edge, the simplest way is to lock down the endpoint with telemetry so that your on-and-off network setting applies. This is an effective way of locking down websites, apps and installations, and will require each user to get authentication from a network admin for any install or uninstall.
The downside, of course, is that you could hamper employees’ functionality in terms of research abilities and web access, and with it you dampen their morale.
The answer lies in a robust endpoint system that is able to prevent, detect, respond to and remediate endpoint threats as soon as they happen. Endpoint detection and response (EDR) and managed detection and response (MDR) will allow you to detect and respond to threats instantly, and in time to mitigate them.
In terms of malware and ransomware, in the case of a breach, you require an endpoint security vendor able to initiate a malware rollback of the endpoint to its pre-infected state.
Ease of deployment of the solution has also become more important during the current lockdown period.
In addition, security engineers who are working from home on customer networks must have firewalls at their home offices. It would be irresponsible to log on to a customer network if your home network could be compromised.
Phishing on the rise
Another big vector to look at is email, which has become a key area of attack. With more people working from home, email has become even more prevalent in an organisation’s communications, making this entry point even more attractive to the threat actor, and increasingly susceptible.
We’re seeing cybercriminals now getting very creative with their phishing emails, even sending them from inside the networks. This brings with it the need to educate your employees about the dangers of phishing, as well as to install an advanced protection product for clarity and peace of mind.
Vulnerability management
CISOs have always prioritised the vulnerabilities within their networks. There is now a growing need to start tracking the vulnerabilities within the endpoint space.
Attackers are looking at vectors with a lower risk score to access the endpoint, and we have seen threat actors recently starting to re-exploit older vulnerabilities.
Finally, the growing need for two-factor or multi-factor authentication in order to access private information while working remotely is of paramount importance.
Don’t let the dust settle on your security requirements
“Connectivity first” was a focus for many IT managers during the early stages of the lockdown. Many organisations had to dramatically increase their ability to meet the needs of remote working, resulting in a sudden uptake in the deployment of virtual private networks (VPNs).
These, however, can be infiltrated and so the VPN, while helping to solve the problem of connectivity, also needs to be secured.
Now that we are all a few months into this different phase of global working, there is no time to become complacent. Your employees are connected – if you haven’t already done it from the start, it’s now time to close the security and control gaps in your remote working arrangements.
Stefan van de Giessen is the GM: cybersecurity at Networks Unlimited Africa