The world is changing at a pace not seen in modern history. Security leaders, including chief information security officers (CISOs), face new security challenges as well as opportunities. As COVID-19 drives workers to look for new ways to live and work, organizations must be proactive. The ‘new normal’ may seem scary at first, but savvy CISOs who see beyond tactical changes to the threat landscape can capitalize on opportunities. They need to start by contemplating the long-term impact of the COVID-19 crisis on various aspects of the security program.
Employees working outside of an office network impact the corporate security posture.
A remote workspace is forcing CISOs to reimagine how they secure their companies, which have historically relied on corporate network security as their first line of defense. Specifically, endpoints such as corporate laptops will see the most impact from the shift to a remote workforce.
The risks to endpoints have always existed, but our defenses weren’t built with a 100% remote workforce in mind. A corporate network comes with built-in security where a firewall, for example, has a primary role in blocking or responding to common threats.
Even when we go back to the office, we can expect a significant change in the mix: some employees will come in, and others will continue to work remotely, either partially or permanently. This hybrid model is here to stay. In the new normal, CISOs need to expect that some remote employees will work at cafes and other public settings that may not benefit from basic protections such as Wi-Fi authentication. This will force companies to update policies to enable secure employee productivity while minimizing technology friction. Forward-looking security strategies need to deliver the same level of protection to the endpoint regardless of its location, on or off the corporate network. In practical terms, CISOs need to accelerate adoption of a Zero Trust approach to securing employee access.
Zero Trust is an approach to security that enhances posture by eliminating reliance on the corporate network for protection. In effect, organizations decrease their reliance on network security and instead secure endpoints and backend applications. This new focus removes some of the anxiety of securing a remote office, and it also reduces the threat of “data leakage”: employees accidentally losing sensitive company data downloaded to personal devices.
A Zero Trust strategy for mitigating data leakage risks consists of tying employees’ access to their IT-managed device and, depending on the organization’s risk tolerance, eliminating or at a minimum restricting the amount of sensitive information that can be accessed from personal devices. A simplified example of what this might look like: employees can access all corporate resources they typically have access to from a managed device, but can only access collaboration solutions such as email and chat from personal devices.
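As an added illustration of the managed-versus-personal device rule described above (example code written for this page, not from the post or Splunk; the posture checks, the MFA requirement, the resource names and the reason strings are assumptions):

```python
from dataclasses import dataclass
from typing import Tuple

# Resource classes from the post: collaboration tools (email, chat) may be used
# from any device; everything else requires an IT-managed device.
COLLABORATION = {"email", "chat"}


@dataclass(frozen=True)
class Device:
    managed: bool    # enrolled in IT management (assumed: MDM/EDR present)
    compliant: bool  # passes posture checks (assumed: encrypted, patched, EDR healthy)


@dataclass(frozen=True)
class Request:
    user: str
    device: Device
    mfa_satisfied: bool  # assumption: every access must have completed MFA
    resource: str        # e.g. "email", "chat", "hr-system", "source-code"
    entitled: bool       # user normally has access to this resource


def decide(req: Request) -> Tuple[bool, str]:
    """Return (allow, reason); the reason is intended for the access log / SIEM."""
    if not req.entitled:
        return False, "not entitled to resource"
    if not req.mfa_satisfied:
        return False, "mfa required"
    # Collaboration tools are the only resources reachable from personal devices.
    if req.resource in COLLABORATION:
        return True, "collaboration tool: allowed from any device"
    if not req.device.managed:
        return False, "sensitive resource requires IT-managed device"
    if not req.device.compliant:
        return False, "managed device failed posture check"
    return True, "managed, compliant device"


if __name__ == "__main__":
    # Constructed sample requests: a managed laptop and a personal home PC.
    laptop, home_pc = Device(True, True), Device(False, False)
    for req in (Request("alice", laptop, True, "source-code", True),
                Request("alice", home_pc, True, "email", True),
                Request("alice", home_pc, True, "source-code", True)):
        allow, reason = decide(req)
        print(req.user, req.resource, "ALLOW" if allow else "DENY", "-", reason)
```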
Non-corporate devices can lead to data leakage.
Employees working from home are more prone to use their own, non-IT-sanctioned devices to handle sensitive corporate data. These devices may not have the proper security solutions to protect them from prying eyes or malware. This can lead to serious outcomes: corporate data spillage, a successful ransomware attack or the compromise of sensitive data.
The job of the CISO gets even more complicated as employees may use their corporate devices for personal use, or they may let a family member use a corporate device for non-sanctioned activities, which can increase the company’s exposure to malware.
To respond to this challenge, security teams should adopt a strategy that includes a Zero Trust solution, endpoint detection and response (EDR) capabilities, a backend anti-phishing solution and awareness campaigns focused on the threats relevant to remote work. In addition, the information security function needs to extend its efforts to raise awareness of the potential impact of compromised personal systems, such as home computers, on corporate data. In fact, personal systems and email accounts can be used as “launchpads” to move laterally into the corporate network and cause further damage. The aforementioned awareness campaign ought to equip the employee with tools to recognize phishing attempts targeting their personal as well as corporate email accounts.
The new normal is accelerating the shift to the cloud for many companies and agencies, which may increase security risks if not done in a thoughtful way.
For years, large organizations from government entities to multinational corporations have built 5- to 10-year cloud migration plans. Those timelines went out the window when, overnight, most workers were ordered to stay home. IT leaders managing on-prem corporate systems had to exponentially increase their VPN capacity to support employee connectivity. As a consequence, the VPN became the single point of failure in the employee productivity narrative. Accelerating cloud migration lets the organization hedge its bets by capitalizing on cloud providers’ availability investments. On the flip side, moving to the cloud is not as simple as switching on a light. Securing data and infrastructure through cloud-based solutions requires robust security practices. Controls such as single sign-on (SSO) and multi-factor authentication (MFA) are a must to ensure the secure access and effective monitoring of cloud-based solutions.
In addition, properly securing cloud systems entails heavy investments in detection and monitoring. To respond to the sharp increase in log volumes and cloud-centric attacks, the SOC must adopt new strategies to find “the needle in the haystack.” This new normal will require acquiring cloud security expertise, a best-of-breed security information and event management (SIEM) solution and scaling through automation. Specifically, automation is increasing in criticality because, even when budget is available, there is just not enough talent to “throw at the problem.” In addition to the SIEM, security orchestration, automation and response (SOAR) tools have become a must-have. While the SIEM harnesses the power of data science to enhance detection and response effectiveness, a SOAR solution can automate mundane tasks for SOC analysts and free them up to focus on more complex issues requiring human judgement.
When contemplating the current state of IT, it is obvious that SSO/MFA, SIEM and SOAR solutions have entered the realm of basic security hygiene. The exponential increase in the number of systems, platforms, micro-services and logs that constitute the scope of the cybersecurity mandate makes it quasi-impossible to achieve an acceptable security posture without a modern security stack that includes the aforementioned tools.
Beware of uninvited collaborators.
With the shift to 100% virtual meetings, attacks and security research targeting collaboration tools have increased considerably. Confidential discussions from M&A to board interactions that once took place in the confines of protected facilities have now become virtual. Protecting collaboration solutions, including video conferencing, is now more important than ever. Such protection comes in the form of secure configurations, proper access controls, security monitoring and timely patching of vulnerable software clients. Given the impact of changes to collaboration solutions on employee productivity, organizations ought to develop a robust change management program aiming to inform the employees of upcoming changes and respond to unintended availability issues. In addition, organizations need to acquire the capability to centrally manage and audit endpoints in order to effectively enforce policy.
CISOs need to rethink their security strategy, starting with a risk assessment.
The threat and intelligence team at Splunk recognized the impact of the COVID-19 pandemic on cybersecurity early. In collaboration with their cross-functional peers, they’ve conducted a risk assessment to measure our exposure. This exercise helped us make informed decisions on resource allocation and accelerate specific programs to proactively mitigate identified threats before they are experienced by our employees and technology.
CISOs need to step back and appreciate the remote work model as the new normal. From that perspective, the strategies laid out in this post are, in effect, long-term investments that will live beyond the COVID-19 era. This is the CISO’s time to shine; employees and leadership are ready to listen.
----------------------------------------------------
Thanks!
Yassir Abousselham