Where to Focus Security Resources Mid- and Post-Pandemic

Written by

Corey Nachreiner, CTO, WatchGuard Technologies

The COVID-19 pandemic has placed enormous demands on cybersecurity resources and budgets at a time when organizations need to balance costs and benefits more than ever. At the top of my list for pandemic spend are bolstering your endpoint protection suite, deploying enterprise-wide multi-factor authentication (MFA) and renewing your employees’ security awareness training.

First, your security depends heavily on endpoint protection during this increased work from home period. Your employees’ home networks certainly don’t have the same protections as your workplace, and in some cases, may be as dangerous as open, public networks. Without control of the network, endpoint protection becomes your primary means to secure corporate data and assets. Many organizations relied on some form of endpoint anti-virus before the pandemic hit, but to survive today’s untrusted networks, you need to make sure your endpoints have a full suite of security services.

The good news is that many modern endpoint protection products include layers of security, such as multiple types of malware protection, a local firewall, disk encryption, system management, patch management, web and email security and even endpoint detection and response. So, make sure your home employees have this type of full-suite protection on their work computers.

The next thing to focus spending on is authenticating your workforce. When your employees work remotely, you can only authenticate them digitally. Presence in your office is no longer a factor in validating they are who they say they are. Meanwhile, authentication is the cornerstone of security. The people you trust have the ‘permissions’ to skate past many of your security controls.

If an attacker can somehow steal or replay your digital authentication, they can become you or your users, and bypass many of the defenses you’ve built against the untrusted world. That is why strong digital authentication practices are so important, especially in an increasingly remote and virtual world. We all know passwords are imperfect and get lost and stolen, frequently. Biometrics are convenient, but attackers can bypass them too. The strongest digital authentication doesn’t rely on only one, but many authentication factors. Deploying MFA to all your employees will protect your organization more than many other defense controls.

Last is the security awareness piece. With employees working from home on less trusted networks, with fewer protections, their actual security becomes even more important. It’s in your, and your employees’, interest to have great security awareness training. This doesn’t only help avoid mistakes that could threaten your company, but also helps employees to protect their own personal digital life. Make sure they have clear and effective training, with a special focus on phishing and spear-phishing. Keep in mind, the pandemic has introduced its own new sophisticated phishing lures, so make sure everyone is aware of new scams and emails, and it will be money well spent.

Steve Durbin, Managing Director, ISF

Release from COVID-19 lockdowns across the globe will be complex and drawn-out with several ‘false starts,’ resulting in restrictions being re-imposed. Fears of a further outbreak and reluctance to return to the office will cause delays to resuming normal operations.

As CISOs and other business leaders reflect on their efforts to keep the business running, the next phase – adapt – presents another set of challenges. It is a critical time for organizations that will determine their long-term recovery and future success. As organizations adjust to a new operating environment, the CISO’s role in resuming normal business operations remains vital. As a function leader tasked with protecting the organization’s information assets and technical infrastructure, CISOs need to understand board-level concerns. This involves taking a business view, which relies on close engagement with business leaders and other senior stakeholders. The task ahead is now greater than ever before.

Many circumstances remain outside the control of the organization, but where possible, CISOs need to accommodate the business requirements both inside the organization (e.g. operations, workforce and technology) and beyond (e.g. suppliers, business partners, regulators, customers and even the public). Against this backdrop, a unique situation has arisen for the CISO. Unlike many other functions where the nature of the work has shifted, the workload and expectations for the security function have dramatically increased. While new risks have emerged and are receiving prompt attention, CISOs must also keep existing risks within acceptable levels – all while the organization’s risk profile continues to change, forcing the board to re-evaluate its risk tolerance.

Applying established risk management principles will act as a strong guide during these difficult times. Good risk management will enable meaningful engagement with business leaders on key issues such as:

• Prioritizing business assets for protection
• Profiling threats
• Reducing exposure of assets
• Estimating financial loss

Business leaders will inevitably need to make difficult decisions with implications for budgets, resourcing and program prioritization. However, this is not the time to cut security budgets and put business protection initiatives on hold. CISOs play a pivotal role in helping business leaders make informed decisions about risk. Although a great deal of focus and attention is directed towards supporting and protecting an organization during a time of significant disruption, proactive CISOs are already pursuing opportunities and planning for the future.

Whether budgets increase or decrease, risk management and security functions will need to prepare for long-term cost savings, redirection of investment and process efficiencies. The results of these and related benefits will need to be demonstrated to business leaders and stakeholders. Risk management will play a pivotal role in the success of organizations as they resume normal operations.

Jason Soroko, CTO of PKI, Sectigo

Digital certificates have long played a central role in securing organizations’ web presence, emails, applications and networks. With operations moving to the public cloud, certificates have become more widespread for authenticating digital identities and ensuring connections cannot be manipulated by hackers. This skyrocketing need to encrypt communications has led to today’s enterprises needing to manage thousands of certificates, all crucial to secure operations.

The COVID-19 pandemic has tested the integrity of IT systems in numerous ways, and unfortunately, many have failed. A recent example occurred in California, where virus-testing systems were disrupted in late July, leading to a backlog of as many as 300,000 tests, according to public officials. Contributing to the disruption was an expired certificate at one of the state’s largest commercial labs, Quest Diagnostics, which prevented data from being transmitted for five days.

In an era of lockdowns and working from home, managing the digital certificates that underpin every single communication has become essential to securing businesses. One can scarcely imagine a worse time for a certificate to expire than during a global pandemic. Quest Diagnostics’ inability to transmit data meant that Californian officials lacked key information on the local spread of the virus. Updating security certificates was, literally, a matter of life and death in this case.

Most organizations do not have lives riding on their security infrastructure, but their mission-critical functions are at stake. We only have to look at the outage O2 suffered in December 2019 due to a certificate expiration, which left users without service for days. More recently, Microsoft Teams suffered an outage as a result of an expired authentication certificate, leaving users unable to log in to their services. These expirations and many other incidents underscore the importance of efficient certificate management in securing data and ensuring services aren’t disrupted.

Security leaders should strengthen their grasp on the discovery and lifecycle management of vast inventories of TLS and private certificates.

The challenge for IT and security operations professionals, however, is that managing these certificates across complicated infrastructure can be time-consuming and daunting. Using spreadsheets – a practice far more common than you would think – to manually track when thousands of certificates are due to expire is an impossible mission. Add the need to renew, revoke or replace these certificates, particularly as their durations shorten, and the task becomes unrealistic.

Automated certificate management has therefore emerged as a vital tool to keep operations running securely. Certificate management tools that use the Automated Certificate Management Environment (ACME) protocol, for instance, handle the issuance, discovery, renewal, revocation and replacement of certificates, with simple rules, single clicks and without daily on-site presence. Such tools empower IT teams to monitor and manage all certificates easily from a single pane of glass, removing the risks of unknown certs, unforeseen outages and human error.

Given the resource constraints that IT teams face, automating essential processes like certificate management should be commonplace. It’s a straightforward proactive step to improving enterprise security, freeing teams to focus on innovating and transforming the business.
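The expiry tracking discussed above can be scripted instead of kept in a spreadsheet. The following is an added example, not code from the article or its contributors: it assumes the OpenSSL command-line tool is installed, the function names and the directory layout are hypothetical, and the sample certificates are constructed on the fly for the demonstration.

```shell
#!/bin/sh
# Added example: flag certificates in an inventory directory that expire
# within a given number of days. Function names are hypothetical.

# expiring_certs DIR DAYS
# Prints "EXPIRING <notAfter> <path>" for each certificate expiring within
# DAYS, and "UNREADABLE <path>" for files that do not parse as certificates.
expiring_certs() {
    dir=$1
    window=$(( $2 * 86400 ))   # -checkend takes seconds
    find "$dir" -type f \( -name '*.pem' -o -name '*.crt' \) | sort |
    while IFS= read -r cert; do
        if ! end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null); then
            echo "UNREADABLE $cert"
            continue
        fi
        # -checkend exits non-zero when the certificate expires in the window
        if ! openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null 2>&1; then
            echo "EXPIRING ${end#notAfter=} $cert"
        fi
    done
}

# make_sample_inventory
# Builds a constructed inventory: one certificate valid for 10 days, one for
# 400 days, and one file that is not a certificate. Prints the directory.
make_sample_inventory() {
    tmp=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 10 \
        -subj "/CN=short.example.test" \
        -keyout "$tmp/short.key" -out "$tmp/short.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 400 \
        -subj "/CN=long.example.test" \
        -keyout "$tmp/long.key" -out "$tmp/long.pem" 2>/dev/null
    echo "not a certificate" > "$tmp/broken.pem"
    echo "$tmp"
}

# Demonstration on the constructed inventory with a 30-day warning window.
inventory=$(make_sample_inventory)
expiring_certs "$inventory" 30
rm -rf "$inventory"
```

Run on a schedule against the directories where certificates are deployed, the output gives an early renewal list; unreadable files are reported rather than skipped so that gaps in the inventory stay visible.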
