The exponential growth in the number of employees working from home has greatly expanded attack surfaces. Securing those new connections should be job number one.
Chief information security officers (CISOs) usually have a lot to worry about, but the dramatic growth in people working from home because of the COVID-19 pandemic has made 2020 more fraught with security threats than usual. Splunk recently outlined some of these threats in its list of the top ten things keeping CISOs up at night.
Briefly summarized, they are:
1. The Attack Surface Expands and Changes
2. Multi-Cloud Environments Present New Challenges
3. Managing Risk Includes Cyber Supply Chain
4. Digital Transformation Fuels Dynamic Analysis
5. Cybersecurity Talent Shortfall Worries CISOs
6. Budget Constraints Hinder Security
7. Compliance Penalties Create New Headaches
8. Combating Alert Fatigue Is an Uphill Battle
9. Insider Threats Fly Under the Radar
10. Security Training Provides New Perspective
Many of these trends boil down to the same drivers: the sheer number of Internet of Things (IoT) connections, the explosion in bring your own device (BYOD) adoption due to the workforce operating from home, the need to adopt more cloud platforms and hosted applications, and the brave new world of videoconferencing and team chat.
This has left yawning chasms for hackers to exploit. It’s not that the perimeter has widened. In some cases, it has evaporated completely.
Consequently, cybercriminals are finding more success in gaining entry to corporate systems. Phishing is on the rise, along with ransomware attacks and CEO fraud. When you factor in that suppliers, customers and employees are all working from home, the number of potential attack surfaces becomes hard to manage.
On top of all this, there are ongoing digital transformation initiatives, a general dearth of security talent that is getting steadily worse, budget constraints, and the relentless march of privacy, confidentiality and compliance mandates: CISOs are feeling the heat on all fronts.
When they log in each day, they are greeted by alarming reports about potential incidents and events. Even though most turn out to be unimportant or false positives, ignoring them completely could spell disaster.
And just when they think they have a handle on the various areas of external menace, insider malice rears its head. In this day and age, it is harder than ever for HR and security to keep track of who should have access to what, which accounts need deleted, and whose access privileges need to be cancelled immediately.
The solution to all this is far from simple. Security Information and Event Management (SIEM), better Endpoint Detection and response (EDR) and other security tools form part of the answer. But overall, CISOs are advised to step back and review the entire threat landscape rather than apply the latest and greatest new tool or a quick-fix approach to the ever-changing world of cybersecurity. Just making sure that all these new connections are secured would be a great place to start.
This article was originally published on 09-09-2020