Chicken little was always running around saying the same thing… until it really happened… and then no one believed him. The cybersecurity industry has a similar problem, pushing fear to the populace of consumers, but in this case to push product into those anxious hands. That’s bad business, not just in practice, but also in practicality because the short-lived bump in sales can leave a sour taste in customers’ mouths when the value doesn’t pan out the way they hoped. After all, plenty of organizations have tools but are still being attacked and breached. Now, I know that cybersecurity tools are critical to the protection of every facet of businesses these days, so what am I advocating? I’m not asking you to shun cybersecurity tools, but instead truly architect and implement the right tools and processes for your specific organization to get the most protection and value to your critical assets, data, and most importantly people. Okay, let me step off my soapbox and hopefully give you something tangible to take away.

With the global COVID-19 pandemic transpiring, there is another element at play now: a new season if you will. As is evident, a vast majority of organizations are allowing or even requiring employees to work remotely. Organizations are adjusting to over a 90% remote workforce for the foreseeable future and we look to weather this vastly distinctive situation we find ourselves in. I would further argue that there are critical priorities to address during the hurried deployment of new endpoints, altered network access, data creation, and collaboration methods. I contend a good leader, especially in the midst of chaos, should prioritize and execute. In the rush for deployment, new vulnerabilities were introduced and there are three critical areas that need to be addressed.

1. Remote Access Requirements
2. Identity Authentication – SSO/MFA
3. Endpoint Protection, Detection, & Response

 

The Problem & The Fix

Remote Access

The stark reality is that millions are now working from home. Any and all surplus supplies of laptops were deployed in order to provide for these new remote workers and the race is on to get your employees up and running, accessing internal network resources, and working to establish normality, but you know… remotely now. Do you have the hardware capabilities to flip the switch for the vast majority of your workforce on simultaneous VPN for example? Do you have secure access solutions, i.e. CASB, for any applications or data that are cloud-enabled?

Quite a few cybersecurity companies are now offering free trials of their capabilities to get your workforce up and running as quickly as possible and give you time to make the right long-term decision that truly enables your workforce now!

 

Identity Authentication (SSO/MFA)

With so many new users working in a different location than the traditional perimeter, users will need to access company resources at any location. Even simple resources such as corporate email will be opened to web access, if not already. The largest success in blocking malicious attacks for user authentication is deploying Multi-Factor Authentication (MFA) protection to logins across the enterprise. To simplify your employees’ access, Single Sign-On (SSO) should also be architected for ease of use and visibility to the enterprise. SSO or Identity Governance will also enable policy to secure access for only the files or locations a user’s role should allow (RBAC).

 

Endpoint Protection, Detection, & Response

Before you handed out those laptops just to keep the business operating, did you deploy corporate images with sanctioned security mechanisms and software already approved by the business? With any expedient deployment, security often comes as an afterthought. Endpoints, specifically laptops outside of the corporate network, continue to be the plight in breaches. Whether through malware, ransomware, or simply navigating to unsafe websites, users and tools are interacting in a very different environment than all the protections afforded to them on the corporate network.

Utilize at least Endpoint Protection (EPP), a category defined as the replacement of Anti-virus and capable of thwarting malicious attacks, to keep the endpoints protected. But when the milk spills, and it will, utilize Detection and Response (EDR) capabilities to remediate those critical endpoints with access to corporate data.

Better yet, have someone help you with the deluge of alerts coming from your environment, like Managed Detection and Response (MDR), give you real control over visibility and remediation, and utilize your employees for the most important work that needs to get done.

If you are looking for some quick suggestions on tools available to get you started, take a look at this guidebook I created along with a few other fellow cybersecurity veterans. I would also be glad to talk more specifically about tools that are customized to work in your environment if you want to send me an email. Our collective goal should be to prevent breaches, reduce an attacker’s dwell time, and as we are able, prevent anything malicious happening in the first place!

 

Author: Mitchem Boles, CISSP Senior Security Architect at CRITICALSTART

March 26, 2020