A couple of days ago I had a phone conversation with a fellow security practitioner. We were exchanging thoughts regarding the new norm whereby both our companies were forced into a new situation--work from home for 100% of our workforce.
COVID has many effects on our day-to-day lives, and from a professional perspective, one of them is what we now call the scattered perimeter.
Both of our organizations were designed to support some remote work, but we never planned to have EVERYONE working remotely. For some people in certain positions it makes perfect sense. For others, it’s completely puzzling. And even from a network security architecture and security operational perspective, we felt like most organizations must not be ready.
The virtual perimeter that was defined to protect our users now only partially exists. People are everywhere, working crazy hours. How do we protect that now?
With hundreds of new laptops now installed to support this new norm, I started by asking one simple question…that led to a few more. What if a ransomware attack is now successful? How do you plan to recover from that? What is the impact on your business? How long will it take? What is the expectation of the people at home?
Now, if there was a compromised situation and there’s a ransomware ask, would you pay for it? Or, would you ship the laptops back and forth?
The best answer I can give is that I don’t know if there is a right answer, but I think I might pay if it was cheaper. This scenario is certainly something we need to think about.
With everything going on in today’s pandemic, the C-level is trying to figure out how to handle having 100% remote employees, giving them the right equipment to do their jobs, the right access, and the built-in security to ensure that their IP & work information is secure. Communication is another piece that’s impacted in the new norm, as most people turn to email and virtual conferencing vendors to communicate and get work done.
Email has always been the main channel for communication and is even more important now. Cybercriminals know this very well. They are acting fast and getting even more creative. They know everyone is vulnerable, they understand the chaos and they know they will benefit from it. Email is the most common and inexpensive channel for these criminals. All they need is one click to call it a success. When employees are working remotely, especially in today’s quarantine situation, they’re balancing a lot of different things. It’s an easy, honest mistake for them to act on a malicious email. And there--we have a compromised situation.
Security leaders and teams were struggling before the new norm to keep up with the evolving cyber threat landscape. Today’s scattered workforce and perimeter make it even harder. Taking email security alone, how do you expect a SOC analyst to keep up with phishing emails that are running around the clock, and how is he/she supposed to remediate or claw back malicious emails when people are working at different times during this quarantine phase that we’re going through?
Here is my take on overcoming some of these challenges.
Your organization can set standard operating procedures for how team members install and deploy hardware, software and connectivity remotely. Many already have some form of work-from-home protocols, tools and processes--USE THEM!
For organizations that have not moved their applications and security to the cloud, this is a huge wake-up call. Triaging and treating problems is much easier, faster and more effective with cloud-based solutions--ironic given all the reasons people avoided moving to the cloud (security!).
Even in the best of security postures, things will happen. How does a scattered SOC team work together to extend a protective veil over at-home users and apps, track devices, and monitor threats? Take advantage of a virtual SOC that can manage some of these aspects. From an email security perspective, we can offer a virtual assistant that can automatically take care of phishing threats so you can focus on other important things.
Your employees, including your SOC analysts, are still figuring out this whole remote situation. They are stressed, working alone and at various hours throughout the day. Built-in chat communities will facilitate collaboration, get them more connected with their IT peers and help them reach resolutions fast.
These are crazy times. We couldn’t have predicted it. Still, we can take actions to protect what’s important to us--our health, our family and our information. I understand that email security is not on every CISO’s radar as it should be. However, as my way forward, I want to ensure business mailboxes are protected. With no strings attached, I am happy to offer 60-day protection--on us.
The times are testing us, but we will get through this together. Let us take care of your email security so that you can focus on other things.