One Article Review

Source AlienVault Blog
Identifier 3051162
Publication date 2021-07-12 10:00:00 (seen: 2021-07-12 10:05:43)
Title Back to the office…
Text As the world is starting to move out of lockdown, businesses are moving some of their workforce back into the office environment. Whilst their focus may be on the logistics of this and making the office environment ‘Covid-Safe’ for their employees, they also need to be cognisant of the potential security challenges facing them. Some areas that businesses should start to focus on are:

- Currency of critical security patches
- Any relaxation of endpoint administrative rights
- Identification of unauthorised network scans

The problem

During the pandemic, most corporate assets (laptops) have in effect been residing on home office networks, those being home or public Wi-Fi, with only their EDR solution and VPN protecting them from attack. For the last 18 months or so, these assets have been sharing their local network with potentially unpatched devices, operated by individuals who may have been more concerned with the latency of Minecraft and downloading the latest gaming ‘feature packs’ from non-salubrious websites than with good cybersecurity hygiene. Combine this with the necessity of some IT Depts having had to relax their Corporate Policy on Remote Patching (due to bandwidth limitations of VPN) and Administration Rights on local assets (in order to install ‘that home printer driver’), and these relaxations, if not revisited and reverted, can leave a significant exposure.

Early stakeholder buy-in

This is essential, as without stakeholder support, any efforts to address these challenges will stall very quickly. The pandemic has put constraints on operating budgets for many businesses, so it is essential to be able to articulate these security challenges, and ways in which to mitigate them, clearly to stakeholders. Without this insight, it will be an uphill struggle to focus on these additional security requirements and obtain the budget to support them. Hopefully this article will provide the narrative to assist with that dialogue and highlight some of the concerns that pose a real threat to businesses.

The human element

Moving away from technology for a moment, an area that is often overlooked by businesses is how the employee has been managing their security hygiene in the absence of localised IT support. In effect, they could have been making security decisions for over a year, as a remote workforce. They have lacked the ability to prevent potential ‘odd behaviour on endpoints’ with peers. That ‘security pop-up’ message that they just clicked ‘yes’ to, or the attachment they opened that appeared to ‘do nothing’: all of these can be the precursor activity of an attack. Threat actors have taken full advantage of this exposure, and there has been a marked increase in attacks focussed on Business Email Compromise (BEC) and phishing scams, to name a few. A recent report by Gartner talks about how these threat actors have taken advantage of the changing working environments, both during and post pandemic, targeting the remote workforce with email and SMS campaigns purporting to be from their local IT Support. Any breach in endpoint security of your remote workforce may be amplified exponentially once they return to the office and the threat actors are then able to get a foothold on the corporate network and start profiling internal architecture, in advance of, for example, ransomware deployment. Businesses can start to address these risks as part of their return to office planning by taking a number of tactical steps.

Controlled introduction

Just like the way a business would roll out a new technology, it is always advisable to address any outstand
Sent Yes
Tags Ransomware Malware Vulnerability Threat Patching Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.