Keeping Your Focus in a Time of Insecurity

Founder and CEO of PlexTrac, Inc., Dan DeCloss, shares his thoughts on the critical issues facing cybersecurity teams during the COVID-19 pandemic

The sudden and unprecedented outbreak of COVID-19 has disrupted employees in nearly every industry and forced many enterprises to scramble to support a predominately remote workforce. Every organization’s cybersecurity measures will be tested like never before as the world continues to see cyber-attacks become as novel as the virus. Is your team ready for the challenges the global pandemic is presenting and will continue to present over the coming months?

Building a mature security program is complex and broad. Three areas are of particular concern as teams strategize their rapid response in the coming weeks: asset management, cloud security, and effective collaboration. How security teams work together to adjust to a broadly remote workforce who are using cloud-based technologies and organizational assets outside of the usual oversight will help define success in cybersecurity through this crisis and in a new post-pandemic mindset.

Consider these questions as you shift from a reactive position to a proactive plan in your security management.

1. How are you tracking your assets when they aren’t as visible to you?

As employees set up home office spaces, your organizational assets are dispersed and will be used in settings and ways no one has pre-approved or anticipated. Managing these assets in less secure settings and protecting them from attacks should be a priority. Training employees to follow organization usage protocols and to be savvy about cyberattacks is important, but you will need to go beyond these measures to ensure your data is secure. The focus on a “zero trust” model is more important now than ever before.
While the move to zero trust is complex, you can immediately focus on a few areas first for quick results in protecting remote assets, including:

Isolated VPN with MFA – If you don’t have a VPN for employees, you should set one up now. If you have a VPN, ensure that the subnet for that traffic is isolated from other subnets on the network. Doing so helps to isolate remote traffic and can assist your security operations team when tracing log traffic. Finally, if possible, enforce Multi-Factor Authentication (MFA) for your VPN to prevent common attacks like password spraying.
Disk encryption – Deploy a full disk encryption solution for laptops. Full disk encryption ensures that data living on your systems is protected if the system is physically lost or stolen.
Remote vulnerability scanning – Vulnerability and patch management is vital for remote assets, but the isolation of these assets can make this challenging. When running scans, remote assets may not be accessible by your scanners or those assets may be powered off. To aid in these scenarios, you should consider more frequent scanning of the subnets for remote assets and tracking those scans more closely. Don’t assume that changes in vulnerability count from scan to scan mean that patching was successful; instead, you should positively verify the assets were scanned before removing/closing the vulnerabilities from the count.

2. How are you supplying and ensuring security for remote workers using cloud solutions?

Cloud-based technologies are more important than ever for their accessibility and reliability. A cloud security strategy can be somewhat daunting. However, a few places to start are as follows:

Cloud application security policy – Take an inventory of cloud applications in use and publish a policy around what cloud apps are acceptable. This policy may be an administrative control at first, but it at least provides users some guidance on what applications you deem safe.
Data storage – Additionally, your policy should highlight where employees are allowed to save company data. The biggest heartburn you should have from a cloud security strategy is company data being saved to locations you don’t trust and for which you have limited to no visibility. A good first step in mitigating this risk is to provide your employees with guidance on what is acceptable cloud behavior regarding company data and resources.
Employee identity management – Finally, encouraging good identity management in the cloud is vital. All employees should employ a robust password management strategy with MFA turned on for all applications that support it.

3. Finally, how will you keep a centralized view of your current security posture and work collaboratively with a dispersed team?

Continuing to do periodic and routine security assessments is imperative as hackers continue to escalate attacks to exploit the chaotic situation that COVID-19 has created for us all. All security assessments are going to be remote at this time, thus you need an effective way to collaborate with your remote teams.

Ongoing security assessments – Being proactive is always the best strategy to identify key gaps in your security posture, whether managing a remote workforce or not. Continue to run security assessments and stay focused on protecting the crown jewels of your organization.
Cross-organizational focus – Do not let a bifurcated security team slow you down. Find ways to continue to collaborate and show security progress. While a platform like PlexTrac is ideal for this situation, what’s most important is that you ensure your security teams continue to keep their focus on finding, prioritizing, and fixing security risks.

This is a new paradigm for many and hopefully we can all support each other as we work together to keep each other safe from all threats, cyber and coronavirus alike. Stay healthy and safe.
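
The remote vulnerability scanning advice above (positively verify an asset was scanned before closing its vulnerabilities) can be turned into a reconciliation step between scans. The following is an added example, not part of the original article or any PlexTrac code; the asset names, check identifiers and the `reconcile` and `open_count` helpers are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str   # hostname of a remote asset (constructed names below)
    check: str   # scanner check identifier (placeholder values below)


def reconcile(previous_open, scanned_assets, current_findings):
    """Classify findings after a scan, closing only what was positively verified.

    previous_open    -- set of Finding open before this scan
    scanned_assets   -- set of asset names the scanner actually reached
    current_findings -- set of Finding reported by this scan
    """
    closed, still_open, unverified = set(), set(), set()
    for finding in previous_open:
        if finding.asset not in scanned_assets:
            # Laptop was off or unreachable: absence from the report proves nothing.
            unverified.add(finding)
        elif finding in current_findings:
            still_open.add(finding)
        else:
            # Asset was scanned and the finding is gone: safe to close.
            closed.add(finding)
    return {
        "closed": closed,
        "still_open": still_open,
        "unverified": unverified,
        "new": current_findings - previous_open,
    }


def open_count(result):
    """Open findings that should stay on the books after reconciliation."""
    return len(result["still_open"]) + len(result["unverified"]) + len(result["new"])


# Constructed sample data: three remote laptops, laptop-02 was powered off.
PREVIOUS_OPEN = {
    Finding("laptop-01", "CHECK-A"), Finding("laptop-01", "CHECK-B"),
    Finding("laptop-02", "CHECK-A"), Finding("laptop-03", "CHECK-C"),
}
SCANNED_ASSETS = {"laptop-01", "laptop-03"}
CURRENT_FINDINGS = {Finding("laptop-01", "CHECK-B"), Finding("laptop-03", "CHECK-D")}

if __name__ == "__main__":
    result = reconcile(PREVIOUS_OPEN, SCANNED_ASSETS, CURRENT_FINDINGS)
    print("naive open count from latest report:", len(CURRENT_FINDINGS))
    print("reconciled open count:", open_count(result))
    for status in ("closed", "still_open", "unverified", "new"):
        print(status, sorted((f.asset, f.check) for f in result[status]))
```

With this sample data the latest report alone shows two findings, while reconciliation keeps three open because the finding on the unscanned laptop is carried forward as unverified instead of being counted as patched.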