Remote Working Challenges Aplenty for Cybersecurity Pros
… on one group to show resiliency and figure out ways to step up to the plate for their organizations, it would be cybersecurity professionals.
Heading Back to Work Brings Security Risks
As a number of workers transition back to working in a physical office, special considerations arise for security teams.
Avertium says one of the best ways to approach this challenge is to revisit the company incident response (IR) plan.
Paul Caiazzo is Avertium’s senior vice president of security and compliance. He tells us there are risks to bringing back devices operating in untrusted networks.
“Security teams need to be mindful of potential exposures those devices [had] while outside the scope of visibility or control of the security team,” he said.
Well-prepared organizations might maintain visibility through a cloud-based security information and event management (SIEM) or endpoint detection and response (EDR) tool. But all organizations, including those well prepared, need to take extra steps to bring devices back online, Caiazzo said.
“For our MSSP customers, we’ve been able to maintain continuity of protection, detection and response through our cloud-based platforms. But since no control is perfect, we have guidance for even those customers,” he said. “The volume of attacks we’ve seen over the past months pushes us toward an abundance of caution in returning to work. We are recommending all remote-based machines [come] back into the corporate environment through several gateways.”
Devices should go into a secured sandbox to prove they pose no new risks, Caiazzo said. Also, patch levels must be verified as remote devices may lack critical software patches.
Antimalware/ransomware signatures also need to be verified, and scans are needed to ensure the device is clean.
It’s likely we’ll see malware designed to infect a victim and then remain dormant until the victim is brought back into the corporate environment to have a bigger impact, Caiazzo said.
“Caution and vigilance will pay dividends,” he said.
Network access control (NAC) systems should be updated to inspect all devices for patch level, vulnerability state, and clean anti-malware/ransomware scans before granting network access, Caiazzo said. An advanced MSSP can guide a customer through this process.
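The admission checks described above can be sketched as a fail-closed decision function. This is an added example, not code from Avertium or any NAC product; the field names, the thresholds and the three decisions are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy thresholds; the article does not give numbers.
MAX_PATCH_AGE = timedelta(days=30)
MAX_SIGNATURE_AGE = timedelta(days=1)

@dataclass
class Posture:
    """Hypothetical report from an agent on a device held in the sandbox segment."""
    returned_at: datetime                  # when the device rejoined the corporate network
    last_patched: Optional[datetime]
    signatures_updated: Optional[datetime]
    last_full_scan: Optional[datetime]
    scan_clean: Optional[bool]
    open_critical_vulns: Optional[int]

def evaluate(p: Posture, now: datetime):
    """Return (decision, reasons): 'admit', 'remediate' (stay sandboxed) or 'isolate'."""
    if p.scan_clean is False:
        return "isolate", ["scan reported findings"]
    # Fail closed: a field the agent did not report is not a passed check.
    missing = [name for name, value in vars(p).items() if value is None]
    if missing:
        return "remediate", ["no data: " + name for name in missing]
    reasons = []
    if now - p.last_patched > MAX_PATCH_AGE:
        reasons.append("patch level stale")
    if now - p.signatures_updated > MAX_SIGNATURE_AGE:
        reasons.append("signatures stale")
    # A clean result counts only if the scan ran after the device returned and
    # after the last signature update; an older scan says nothing about what
    # the device picked up while it was off the network.
    if p.last_full_scan < max(p.returned_at, p.signatures_updated):
        reasons.append("no full scan since return with current signatures")
    if p.open_critical_vulns > 0:
        reasons.append("open critical vulnerabilities")
    return ("remediate", reasons) if reasons else ("admit", [])

# Constructed sample: a laptop that reports a clean scan from before it came back.
NOW = datetime(2020, 6, 15, 9, 0)
laptop = Posture(returned_at=NOW - timedelta(hours=2),
                 last_patched=NOW - timedelta(days=45),
                 signatures_updated=NOW - timedelta(hours=1),
                 last_full_scan=NOW - timedelta(days=5),
                 scan_clean=True, open_critical_vulns=0)

if __name__ == "__main__":
    print(evaluate(laptop, NOW))
```

The sample laptop stays in the sandbox even though its last scan was clean, because that scan predates its return.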
Avertium provides a number of tips for revising existing IR plans. It recommends locating and documenting crucial data assets, and prioritizing remediation of security issues discovered during the assessment.
Also, communicate with internal and external stakeholders, and reconfirm their roles and responsibilities. And customize the plan to meet challenges presented by the new circumstances.
“A rigorously developed, relevant IR plan that considers potential impact to all aspects of your business in their current and future states prepares you to quickly mobilize around minimizing the impacts of a breach,” Caiazzo said.
WatchGuard, Deutsche Telekom Partner for SMB Cybersecurity
WatchGuard Technologies has launched Business Network Protect (BNP) Complete, an enterprise-grade security solution for SMBs built in partnership with Deutsche Telekom.
BNP Complete combines Deutsche Telekom’s internet and WatchGuard’s security services. It simplifies security for environments lacking the resources to defend against cyberattacks on their own.
Michael Haas is WatchGuard’s area sales director for Central Europe. He said BNP Complete will benefit WatchGuard’s partners.
“Installations in environments like dental practices, law offices and retail shops present exciting cross-selling opportunities and openings into new relationships with local customers for each partner in the region,” he said. “These cross-selling opportunities include adding secure Wi-Fi solutions and deploying a trusted wireless environment to protect against wireless threats, adding endpoint protection services with WatchGuard AuthPoint and DNSWatchGO, and more.”
It’s never been easier to protect customers against cybercriminals, malware and …