In the past week, the spread of COVID-19 has compelled many businesses to suddenly shift their office-based workforces to remote ones. This has quickly changed the game from a security perspective: an evolving attack surface, proliferating endpoints, new network behaviors, and more.
That’s why ReliaQuest quickly convened a couple of leading CISOs – Chris Lugo of Danaher and Jason Raymond of GuideWell Holdings – alongside its CTO, Joe Partlow, to offer perspectives intended to benefit security teams adapting to the changing landscape. ReliaQuest COO Colin O’Connor moderated.
Top takeaways from the group included:
1. Focus on re-evaluating normal and abnormal network activity. As employees surge onto corporate networks from disparate remote locations, CISOs and their teams are adjusting all of their baselines based on the “new normal” of usage patterns. This helps security operations teams quickly understand what’s worthy of attention compared to what is simply a usage pattern change from the switch to a remote work force and avoid wasting time on a flood of false positive alerts.
2. Take advantage of heightened attention to corporate communications to drive safer behaviors. Our CISO panelists reported that employees are more responsive to internal comms than ever. Therein lies an opportunity: as a powerful resource to train and educate the workforce on protecting the corporate environment. Re-educate the workforce on best practices for phishing attacks and social engineering using the latest virus-related examples from threat actors.
3. Stay focused and communicate risk in business terms. CISO panelists underlined that security leaders often struggle to find the right metrics to communicate risk to the Board and other peers. For the time being, when business continuity is top of mind in the C-suite, the panel emphasized that less is more. Focus is important in all directions: ensure your teams understand and have visibility to protect what’s most important to the business, they have the tools to perform their job and support from their leaders. Daily stand-ups have been a way for teams to prioritize, collaborate and engage while being remote.
ReliaQuest believes security is a team sport, so we are sharing use cases, automation plays, and threat intel research powering our GreyMatter platform to help protect your organization. Sign-up for our Rapid Response Resources Series to receive specific use case queries to optimize in your SIEM, attack overviews, and recommended automation plays.