Chicken Little was always running around saying the same thing… until it really happened… and then no one believed him.
The cybersecurity industry has a similar problem: it pushes fear onto consumers, in this case to push product into those anxious hands.
That’s bad business, because the short-lived bump in sales can leave a sour taste in customers’ mouths when the value doesn’t pan out the way they’d hoped.
After all, plenty of organizations have tools but are still being attacked and breached.
Choosing the Right Cybersecurity Tools Requires Careful Planning
Now, I know that cybersecurity tools are critical to the protection of every facet of businesses these days, so what am I advocating?
I’m not asking you to shun cybersecurity tools, but instead to architect and implement the right tools and processes for your organization to get the most protection and value for your critical assets, data, and – most importantly – people.
Okay, let me step off my soapbox and hopefully give you something tangible to take away.
Remote Work Means More Opportunities for Attack
With the global COVID-19 pandemic transpiring, there is another element at play now – a new season, if you will.
Most organizations are now allowing or even requiring employees to work remotely. Organizations are adjusting to a workforce that is over 90% remote for the foreseeable future as we look to weather this vastly different situation we find ourselves in.
I would further argue that there are critical priorities to address during the hurried deployment of new endpoints, altered network access, data creation, and collaboration methods.
I contend a good leader, especially in the midst of chaos, should prioritize and execute. In the rush for deployment, new vulnerabilities were introduced and there are three critical areas that need to be addressed.
- Remote Access Requirements
- Identity Authentication – SSO/MFA
- Endpoint Protection, Detection, & Response
Remote Workforce Security Considerations to Prioritize:
The stark reality is that millions are now working from home. Any and all surplus supplies of laptops were deployed in order to provide for these new remote workers.
Now the race is on to get your employees up and running, accessing internal network resources, and working to establish normality… but, you know, remotely now.
Do you have the hardware capabilities to flip the switch for the vast majority of your workforce on simultaneous VPN, for example?
Do you have secure access solutions, i.e. CASB, for any applications or data that are cloud-enabled?
Many cybersecurity companies are now offering free trials of their capabilities to get your workforce up and running as quickly as possible and give you time to make the right long-term decision that truly enables your workforce now!
Identity Authentication (SSO/MFA)
With so many new users working in a different location than the traditional perimeter, users will need to access company resources at any location.
Even simple resources such as corporate email will be opened to web access, if they’re not already.
The most successful measure for blocking malicious attacks on user authentication is deploying multi-factor authentication (MFA) on logins across the enterprise.
To simplify your employees’ access, single sign-on (SSO) should also be architected for ease of use and visibility to the enterprise.
SSO or identity governance will also let you enforce policy that restricts access to only the files or locations a user’s role should allow, i.e. role-based access control (RBAC).
Endpoint Protection, Detection, & Response
Before you handed out those laptops just to keep the business operating, did you deploy corporate images with sanctioned security mechanisms and software already approved by the business?
Endpoints Remain a Major Attack Vector
With any expedient deployment, security often comes as an afterthought. Endpoints, specifically laptops outside of the corporate network, continue to be a recurring problem in breaches.
Whether through malware, ransomware, or simply navigating to unsafe websites, users and tools are operating in a very different environment, without all the protections afforded to them on the corporate network.
EPP Protects, EDR Remediates
At a minimum, use endpoint protection (EPP), a category defined as the replacement for antivirus and capable of thwarting malicious attacks, to keep endpoints protected.
If your network is breached, use endpoint detection and response (EDR) capabilities to remediate those critical endpoints with access to corporate data.
Managed Detection & Response Reduces Alert Fatigue
Better yet, have someone help you with the deluge of alerts coming from your environment.
Managed detection and response (MDR) services give you real control over visibility and remediation so you can task your employees with the most important work that needs to get done.
Read the Remote Workforce Security Guidebook
If you are looking for some quick suggestions on tools available to get you started, take a look at our remote workforce security guidebook that I created along with a few other fellow cybersecurity veterans.
I would also be glad to talk more specifically about tools that are customized to work in your environment if you want to send me an email.
Our collective goal should be to prevent breaches, reduce an attacker’s dwell time and, as we are able, prevent anything malicious happening in the first place!
Author: Mitchem Boles, CISSP, Senior Security Architect at CRITICALSTART
March 26, 2020