When the COVID-19 lockdowns began many months ago, experts in the cybersecurity industry knew what was coming next. As we have established in past articles, hackers are opportunistic: eager for any chaos to exploit in pursuit of their goals. A society-wide shutdown which left many people online for much longer than usual was the perfect opening, especially for high-value targets like local governments, which experienced a 100% increase in site traffic immediately following the stay-at-home orders.
Now, six months later – though restrictions have eased throughout the U.S. and malicious cyber-activity has subsided from the fever pitch it reached at that time – there are still threats to contend with. This time, cybersecurity teams are working away from the office, and they are facing complex and unprecedented situations. Remote employment is a complicated affair in general, but for cybersecurity teams and security operations centers (SOCs) it presents a number of unique challenges.
While 98% of the population says it would “like to work remotely,” no less than 89% of cybersecurity professionals say they are facing increased job difficulty because of stay-at-home policies, according to a recent study. This shocking disparity suggests the obvious: it’s hard for cybersecurity teams to do their jobs properly outside their organizations.
In this article, we’ll look at several reasons why this is the case, and how local governments can help their vitally important cybersecurity personnel to succeed as remote employees.
Insecurity of Remote Endpoints
The first problem is that cybersecurity professionals aren’t the only ones working from home now: their coworkers are doing the same thing, shifting the perimeter that the former are obligated to monitor and protect. In June, only 26% of the U.S. workforce were still working on their physical business premises.
When targeting an organization, attackers seek any endpoint that may be attached to it. Those endpoints have expanded to include devices, systems and equipment across a large geographic region. Notoriously vulnerable IoT and mobile devices in employee homes provide the perfect bridge to their work computer, and enforcing security measures there is difficult.
Remote endpoints also offer an increased opportunity for credential theft, which is the main culprit behind 80% of hacking-related breaches. While most of these are the consequence of phishing schemes (which have also increased under lockdown), they can easily result from an insecure or keylogged work computer as well. Attackers with stolen credentials are much harder to fend off, since they look like legitimate users.
Protecting Off-Premise Devices
Taking work devices off-premise has always been a security concern, but it has never occurred at this scale before. Fortunately, there are ways to reduce their vulnerability:
- Increase monitoring for suspicious activity on business networks that indicates an attempt by a “legitimate” user to elevate their own privileges (new privileged users on network hosts, unusual requests to a domain controller, memory dumps from authentication processes, etc.)
- If feasible, recommend that off-premise employees segment the networks in their home office by using dual routers, one for work and one for personal use. This provides a physical barrier against attacks propagating from vulnerable devices.
- Above all, enforce cybersecurity training for all personnel, specifically emphasizing recognition of phishing attacks and the danger of IoT and other non-essential connected devices.
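The first item above (watching for new privileged users on network hosts) is the kind of check a SOC can automate against host logs. The following is an added example, not code from the original article or from Securicon: it parses a constructed, simplified syslog-style stream, pulls out group-membership changes, and alerts on any addition to a privileged group that change control did not approve. The log lines, the privileged-group set and the approved baseline are all assumptions made for the example; real logs from shadow-utils or a Windows domain controller will need their own patterns.

```python
"""
Added example (not from the original article): flag additions to
privileged groups in a constructed syslog-style log stream. This is
one concrete form of the "legitimate user elevating their own
privileges" indicator that the checklist above recommends monitoring.
"""
import re
from dataclasses import dataclass

# Groups whose membership grants administrative rights. This set is an
# assumption for the example; tailor it to the hosts you actually monitor.
PRIVILEGED_GROUPS = {"sudo", "wheel", "admin", "Administrators", "Domain Admins"}

# Constructed sample lines in a simplified format:
#   "<timestamp> <host> <program>: <message>"
# None of these hosts, users or events are real.
SAMPLE_LOG = """\
2020-09-14T08:01:12Z ws-finance-07 usermod: add 'jdoe' to group 'audio'
2020-09-14T08:04:55Z ws-finance-07 usermod: add 'jdoe' to group 'sudo'
2020-09-14T08:05:03Z ws-finance-07 groupadd: group added to /etc/group: name=backupops, GID=1012
2020-09-14T08:07:40Z dc01 net: Added user 'svc-print' to group 'Domain Admins'
2020-09-14T09:12:00Z ws-hr-02 usermod: add 'mlee' to group 'wheel'
2020-09-14T09:30:21Z ws-hr-02 sshd: Accepted publickey for mlee from 10.0.40.23
"""

# One regex for the line envelope, one per membership-change message shape.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^:]+): (?P<msg>.*)$")
MEMBER_PATTERNS = [
    re.compile(r"add '(?P<user>[^']+)' to group '(?P<group>[^']+)'"),
    re.compile(r"Added user '(?P<user>[^']+)' to group '(?P<group>[^']+)'"),
]


@dataclass(frozen=True)
class Alert:
    timestamp: str
    host: str
    user: str
    group: str


def parse_membership_changes(log_text):
    """Yield (timestamp, host, user, group) for each group-membership change found."""
    for raw in log_text.splitlines():
        envelope = LINE_RE.match(raw)
        if not envelope:
            continue  # malformed line: skip rather than crash the pipeline
        for pattern in MEMBER_PATTERNS:
            hit = pattern.search(envelope["msg"])
            if hit:
                yield envelope["ts"], envelope["host"], hit["user"], hit["group"]
                break


def find_privilege_escalations(log_text, baseline, privileged=PRIVILEGED_GROUPS):
    """Return alerts for privileged-group additions absent from the approved baseline.

    `baseline` is a set of (host, user, group) tuples that change control has
    approved; anything else landing in a privileged group is worth a ticket.
    """
    alerts = []
    for ts, host, user, group in parse_membership_changes(log_text):
        if group in privileged and (host, user, group) not in baseline:
            alerts.append(Alert(ts, host, user, group))
    return alerts


# Constructed baseline: mlee's wheel membership on ws-hr-02 was approved in advance.
APPROVED_BASELINE = {("ws-hr-02", "mlee", "wheel")}

if __name__ == "__main__":
    for alert in find_privilege_escalations(SAMPLE_LOG, APPROVED_BASELINE):
        print(f"[ALERT] {alert.timestamp} {alert.host}: "
              f"'{alert.user}' added to '{alert.group}'")
```

Run as-is, the script raises two alerts (jdoe joining sudo on a finance workstation, and a service account joining Domain Admins on the domain controller) and stays silent on the approved wheel membership and the harmless audio group. The baseline is what keeps the check useful: without it, every routine onboarding would page the on-call analyst, and the signal the checklist is after gets lost in the noise.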
While none of these measures can guarantee protection from attacks through remote employees, they will definitely diminish the opportunity.
Strained Security Resources
During the lockdowns, local governments and other organizations have experienced a dramatic rise in IT support tickets to troubleshoot problems with business software and home office equipment. Accordingly, nearly half of cybersecurity professionals said they had been shifted to an IT role, leaving their colleagues with double the workload.
Little wonder, then, that in the middle of a cybersecurity talent gap, many have considered leaving their current jobs for calmer waters where they can practice the profession they trained for. This is a loss that local government agencies can ill afford – and fortunately, it’s mostly unnecessary.
Reducing Work Strain
To this day, upper management often considers cybersecurity a mere function of IT, when the two are actually distinct disciplines.
- Avoid hemorrhaging your security resources by clearly defining the domain of IT and the domain of cybersecurity. Allow the former to handle the implementation and troubleshooting made necessary by the transition, and consider outsourcing or new hires where necessary.
- Provide adequate resources for your cybersecurity team; maintain communication through HR and ensure that they are not overburdened during a time when they are needed most.
In the hectic and sometimes experimental transition to remote employment, it’s easy for any business to become disorganized and leave people behind in the shuffle. Preventing this is an utmost priority.
Effective cybersecurity requires a constant stream of communication between different operatives, and often communication between departments, especially when problems need to be resolved in real time. But while it is possible to remain in communication while working remotely, that does not mean it is easy.
As Dr. Grigorios Fragkos, vCISO at Dubai Expo 2020, notes:
When you work with your team throughout the day, you can discuss, coordinate and brainstorm on-the-fly, but it takes way more time to have these micro-communications over virtual mediums, phone-calls and emails, compared to a brief face-to-face catchup.
Therefore, remote employment brings delays to the communications process, and important communications may even be lost in the noise.
There are several ways to make sure your cybersecurity professionals can stay in touch:
- Invest in collaboration software and lightweight communication channels that bring together your IT, cybersecurity, HR and business teams.
- Even if channels are provided, engagement with those tools may be low, simply because old habits die hard. Ensure regular team check-ins, and make those channels a fundamental part of the new work process.
- Segment critical channels from more general ones so your cybersecurity team knows how to prioritize their response to incoming information.
Your security professionals are frequently inundated with data – especially in a SOC environment – that may require intense and focused attention. Ensuring they have the tools they need to quickly communicate and get back to work is essential to their success.
In our free infographic checklist, we step through all the ingredients of an effective remote cybersecurity team including:
- Crucial security strategies for remote endpoints
- Key points of effective cyber hygiene for your entire organization
- What every remote cybersecurity professional needs to succeed
Remote employment is far from impossible, even in the domain of cybersecurity, but the process of establishing a balanced workload, communication and effective strategies for securing remote endpoints requires proactivity from everyone involved, especially those at the top.
Securicon provides information security solutions to public and private sector organizations. Our expert cyber security teams help our clients manage and secure their Information Technology (IT) and Operational Technology (OT) environments by providing vulnerability and penetration testing/assessments; governance, risk and compliance services (GRC) and security architecture review and design services. Contact Us to learn more!