What CISOs should know about returning to the office

What CISOs should know about returning to the office
(Image credit: Shutterstock)

Infosecurity leaders are facing a few fundamental challenges when it comes to the return to a physical office space. One of the biggest challenges is the visibility CISOs have lost into employee endpoints. Many employees’ devices have been on an open home network for over a year, so it is tough to determine where they all stand from an endpoint protection perspective. Additionally, the rapidly evolving nature of the threat landscape is a huge issue.

About the author

Rick McElroy is Principal Cybersecurity Strategist at VMware.

Malicious actors are performing attacks with a new level of sophistication and speed. For example, we found that two-thirds of organizations have been targeted by ransomware over the past year and that same percentage witnessed incidences of counter incident response since the start of the pandemic. This reflects the increasingly destructive nature of cybercrime today and why cybersecurity teams are feeling the fatigue. Between the global skills gap and short-staffed security teams facing an onslaught of attacks, organizations are struggling to find an effective security posture.

Additionally, CISOs and security teams need to keep the idea of malicious insiders on their radar. These have become increasingly popular over the past year as many people were strapped for cash and were looking for quick avenues to make money. It occurs when someone within the organization utilizes forums and sells credentials to cybercriminals outside of the organization. I think something like this is more of a risk for people within the political sector, but we have been seeing it increase on an organizational level as well.

For example, someone could sell admin access into an organization for a large chunk of bitcoin and be set for the rest of their career. These attackers have a goal of penetrating environments and performing credential harvesting. If CISOs can build a program designed to detect those insider threats, their organizations will be better equipped compared to those that are not.

How do employees’ personal devices impact an organization’s security posture? How can organizations proactively address the risk?

Employees’ personal devices pose a huge risk to an organization’s security posture. CISOs are now faced with the task of gaining back the visibility that was lost when the shift to remote work began in March 2020. Having good endpoint detection and response is key. Using tactics like threat hunting can significantly strengthen an organization's security posture. We recently conducted a survey that found 81% of respondents are already conducting threat hunting, which shows CISOs and security teams are looking to proactively protect their organization.

Additionally, organizations should consider a cloud-first approach for improved network and endpoint security that serves an anywhere workforce. This will help with security posture as many employees will still choose to work remotely even after COVID-19 restrictions are lifted or in the case of future events that may require immediate remote work, such as power outages or chemical spills.

We often hear security is a shared responsibility - so how can employees not in security do their part?

As cybercriminals become increasingly savvy, and our devices become a key part of both our professional and private lives, multi-factor authentication is a great form of security that the everyday employee can utilize. Using a password is as antiquated as using a standard key on your front door, it's locked but someone can easily copy the key and still get access. For this reason, it’s important to prioritize multi-factor authentication, in the form of behavioral and continual authentication, and move away from a central store of identities, which can easily be hacked.

One good thing that resulted from the COVID-19 pandemic is increased awareness around security. Before, you heard a lot of talk about the rocky relationship between security and IT teams, as well as the lack of budget for security projects. Now businesses are seeing much more of a partnership between the two teams, as well as increased budget to enhance security measures across all levels of the organization. From an individual standpoint, employees can help secure the organization by ensuring they are working on secure networks when out of the office, as well as implementing two-factor authentication as an extra precaution against attackers.

Are there any best practices you recommend for CISOs and their security teams as they plan to return to office, full-time or in a hybrid capacity?

Overall, I think organizations are looking at a few avenues as they plan to return to the office. Many I have talked to are taking a tiered approach and bringing back employees slowly. This will help minimize the number of notifications to their in-office IT system as technologies that have not been connected for over a year start to reconnect to the network. Another practice I am in huge favor of is the implementation of a “quarantine network.” This will be key to secure an organization’s network as employees bring their devices back to work. A “quarantine network” attaches to a network that is micro-segmented and will run patching updates to security software first.

I also think as part of the return to office plan, CISOs should include a refresher course, reminding employees of common tactics cybercriminals use to invade networks such as phishing emails. Reminding employees to keep an eye out for small tricks like that can make a huge difference in the long run when it comes to protecting your network.

Rick McElroy
Principal Cybersecurity Strategist at VMware