Remote Working Challenges Aplenty for Cybersecurity Pros
Nearly all cybersecurity pros are working remotely full time.
Nearly all cybersecurity pros are working remotely due to the COVID-19 pandemic. And many no longer focus on their normal tasks.
That’s according to ISC2’s latest survey of 256 cybersecurity professionals. They shared insights into how their work has changed during the first several weeks of the pandemic. Remote working challenges are common.
Eighty-one percent said their job functions have changed during the pandemic, with 90% of cybersecurity pros working remotely.
Nearly half, most of whom are cybersecurity pros working remotely, are not doing some of their typical security duties. Instead, they’re assisting with other IT-related tasks like equipping remote workforces.
Fifteen percent said their teams don’t have the resources to support remote workers.
One respondent summed up the factors contributing to an opportune situation for cybercriminals:
“COVID-19 hit us with all the necessary ingredients to fuel cybercrime: 100% work from home (WFH) before most organizations were really ready; chaos caused by technical issues plaguing workers not used to WFH; panic and desire to ‘know more’ and a temptation to visit unverified websites in search of up-to-the-minute information; remote workforce technology supported by vendors driven by ‘new feature time to market’ and not security; employees taking over responsibilities for COVID-19 affected coworkers (unfamiliarity with process); and uncertainty regarding unexpected communication supposedly coming from their employers.”
To find out more about cybersecurity pros’ remote working challenges, we spoke with Wesley Simpson, ISC2’s COO.
Channel Futures: What were some of the most surprising survey findings about remote working challenges?
Wesley Simpson: Learning that nearly half of cybersecurity staff have been reassigned to IT tasks was what surprised us most, especially as 81% indicated their organizations have categorized security as an essential function during this pandemic.
CF: With nearly half of cybersecurity pros being reassigned to IT, is that leaving more organizations vulnerable to cyberattacks? If so, why?
WS: Twenty-three percent of respondents indicated their organizations are seeing an increase in security incidents, at a time when nearly half of these respondents are being pulled into other areas of IT. This kind of situation is obviously not ideal or sustainable for keeping organizations protected. This is magnified by the fact that 34% of respondents said they have the resources they need to support a remote workforce, but only for the time being.
CF: Do remote working challenges for cybersecurity pros put them at a disadvantage when compared to onsite? If so, why?
WS: While 10% of the respondents to our survey said they are still going into the office, the rest say they are working remotely and did not indicate being at a disadvantage, although we did not ask them specifically about this. Fortunately, cloud technologies and VPNs make it easier for cybersecurity tasks to be handled from remote locations, but I don’t think anyone would go as far as to say that this situation is ideal.
CF: Can MSSPs and other cybersecurity providers help ensure optimum security during this difficult transition?
WS: Our survey doesn’t cover how organizations are using third-party support during this time, but I would imagine that as cybersecurity staff are being repurposed with IT tasks, organizations may be looking to MSSPs to help fill the gaps.
CF: Does the ongoing cybersecurity talent shortage play a role in these remote working challenges?
WS: Absolutely. Our 2019 Cybersecurity Workforce Study showed that there is a shortage of more than 4 million trained cybersecurity personnel globally, and I think that unfortunately, for those companies that were not already fully staffed in their security departments before COVID-19, this pandemic has likely put even more stress on their programs.
CF: Are there any indications that cybersecurity eventually will catch up to this new normal? If so, how?
WS: We’re still in the early stages of this situation, and no one knows exactly how long it will last or what the new normal will look like. But if I had to bet on one group to show resiliency and figure out ways to step up to the plate for their organizations, it would be cybersecurity professionals.
Heading Back to Work Brings Security Risks
As a number of workers transition back to working in a physical office, special considerations arise for security teams.
Avertium says one of the best ways to approach this challenge is to revisit the company incident response (IR) plan.
Paul Caiazzo is Avertium’s senior vice president of security and compliance. He tells us there are risks to bringing back devices operating in untrusted networks.
“Security teams need to be mindful of potential exposures those devices [had] while outside the scope of visibility or control of the security team,” he said.
Well-prepared organizations might maintain visibility through a cloud-based security information and event management (SIEM) or endpoint detection and response (EDR) tool. But all organizations, including those well prepared, need to take extra steps to bring devices back online, Caiazzo said.
“For our MSSP customers, we’ve been able to maintain continuity of protection, detection and response through our cloud-based platforms. But since no control is perfect, we have guidance for even those customers,” he said. “The volume of attacks we’ve seen over the past months pushes us toward an abundance of caution in returning to work. We are recommending all remote-based machines [come] back into the corporate environment through several gateways.”
Devices should go into a secured sandbox to prove they pose no new risks, Caiazzo said. Also, patch levels must be verified as remote devices may lack critical software patches.
Antimalware/ransomware signatures also need to be verified, and scans are needed to ensure the device is clean.
It’s likely we’ll see malware designed to infect a victim and then remain dormant until the victim is brought back into the corporate environment to have a bigger impact, Caiazzo said.
“Caution and vigilance will pay dividends,” he said.
Network access control (NAC) systems should be updated to inspect all devices for patch level, vulnerability state, and clean anti-malware/ransomware scans before granting network access, Caiazzo said. An advanced MSSP can guide a customer through this process.
Avertium provides a number of tips for revising existing IR plans. It recommends locating and documenting crucial data assets, and prioritizing remediation of security issues discovered during the assessment.
Also, communicate with internal and external stakeholders, and reconfirm their roles and responsibilities. And customize the plan to meet challenges presented by the new circumstances.
“A rigorously developed, relevant IR plan that considers potential impact to all aspects of your business in their current and future states prepares you to quickly mobilize around minimizing the impacts of a breach,” Caiazzo said.
WatchGuard, Deutsche Telekom Partner for SMB Cybersecurity
WatchGuard Technologies has launched Business Network Protect (BNP) Complete, an enterprise-grade security solution for SMBs built in partnership with Deutsche Telekom.
BNP Complete combines Deutsche Telekom’s internet and WatchGuard’s security services. It simplifies security for environments lacking the resources to defend against cyberattacks on their own.
Michael Haas is WatchGuard’s area sales director for Central Europe. He said BNP Complete will benefit WatchGuard’s partners.
“Installations in environments like dental practices, law offices and retail shops present exciting cross-selling opportunities and openings into new relationships with local customers for each partner in the region,” he said. “These cross-selling opportunities include adding secure Wi-Fi solutions and deploying a trusted wireless environment to protect against wireless threats, adding endpoint protection services with WatchGuard AuthPoint and DNSWatchGO, and more.”
It’s never been easier to protect customers against cybercriminals, malware and ransomware, Haas said.
“The deployment and management of this solution is centralized in the network operating center from Deutsche Telekom,” he said. “It’s a cinch to get a new firewall deployment up and running. Just plug in the power and network cables — and that’s it.”
Ironscales Updates Email Security Platform
Ironscales has added a new community chat room feature to its email security platform.
It allows internal collaboration between the security operations center (SOC) and security teams adjusting to remote work and telecommuting conditions.
Security practitioners discuss common and mutually experienced threats. Analysts can anonymously exchange questions and respond with guidance on suspicious email incidents.
Eyal Benishti is Ironscales’ founder and CEO. He said Ironscales’ platform already provides unique benefits to channel partners.
“For MSPs and MSSPs in particular, the platform’s ability to automatically detect, respond and even prevent phishing attacks with little to no human involvement has empowered managed service security analysts to spend less time on phishing mitigation and more time attending to other sensitive security tasks impacting their customers and themselves,” he said. “In addition, the platform is increasingly popular among resellers and distributors because of its ubiquity in solving all of the complexities of email phishing at both the gateway and mailbox levels. This means that their customers can consolidate email security and antiphishing tools into one solution.”
Ninety percent of Ironscales’ sales come through the channel, Benishti said.
“Email remains the No. 1 vector for all cyberattacks, and the increase in frequency and complexity of daily attacks is putting a strain on security teams worldwide,” he said. “This two-way communication within our platform is yet another way Ironscales harnesses the collective power of human and machine intelligence to accelerate the decision-making process when the time from threat discovery to attack remediation is of the essence.”
SiteLock Adds Security Awareness Training
SiteLock this week unveiled its new security awareness training and phishing simulation.
The new product provides security assessments, integrated learning paths, phishing simulations and more. Organizations can prepare employees to be their first line of defense against cyber threats.
“In the face of an ever-evolving threat landscape, it’s crucial to educate employees on security best practices, no matter if they are working within the organization or at home. Security awareness training and phishing simulations teach employees to keep security top of mind at all times, helping to prevent data breaches, ransomware and other cyber threats that put organizations at risk,” said Neill Feather, SiteLock’s CIO.
Security awareness training helps keep data out of the wrong hands, according to SiteLock.
The new product is available alongside a number of enterprise-grade security solutions. SiteLock protects more than 16 million websites globally.