As the vaccine rollout continues and organizations are planning their hybrid work plans, they must ensure this return to a physical office, even if it’s partial, doesn’t open them up to cybersecurity threats. Here, Rick McElroy, Principal Cybersecurity Strategist at VMware, discusses what chief information security officers (CISOs) should keep in mind as we get closer to returning to physical offices.
Security: What is your background? What is your current role and responsibilities?
McElroy: As the Principal Cybersecurity Strategist for VMware, I help our customers achieve simpler, faster and smarter security. In addition, my role as a Howler is focused on sharing the latest threat research, empowering security professionals at all levels and building trust within the larger security community. I have 24 years of information security experience educating and advising organizations across various industries on reducing their risk posture and tackling tough security challenges. I previously held security positions with the U.S. Department of Defense and in several sectors, including retail, insurance, entertainment, cloud computing, and higher education.
Security: What should CISOs keep in mind as we get closer to returning to physical offices?
McElroy: Security leaders are facing several challenges as their organizations start returning to the office. Endpoint visibility will continue to be one of the biggest challenges CISOs encounter, particularly if their company is implementing a hybrid return-to-work model. Because employees’ devices have been on an open home network for over a year, it is difficult to determine where they all stand from an endpoint protection perspective. We’ve also experienced attackers becoming increasingly destructive in nature, using techniques such as time-stamp manipulation or Chronos attacks. A recent report from VMware found that 60% of incident responders have observed the manipulation of time in attacks. Malicious insiders have also become increasingly popular over the past year as many people were strapped for cash and were looking for quick avenues to make money during the pandemic.
Security: Why should CISOs and their organizations put assets into a “quarantine network”?
McElroy: Implementing a “quarantine network” into your return-to-work strategy can be beneficial for many reasons, but first, we must understand how it works. A “quarantine network” attaches to a micro-segmented network and will run patching updates to security software first, creating a more robust security posture from day one. As employees start returning to the office and bringing their devices back to work, a quarantine network helps secure an organization’s network and further identify pinpoints of weakness where hackers could potentially penetrate.
Security: How can CISOs help combat the increase in malicious insiders and hacktivism, especially with returning to the workplace?
McElroy: CISOs and security teams need to keep in mind the possibility of an inside attack as we begin a new era of hybrid work. There are forums that exist around an insider that sells credentials that have been increasing as the pandemic evolved. It comes down to taking care of employees and having some visibility and detection into their network. If CISOs can build a program designed to detect those insider threats, they will be better equipped to protect proprietary information and their organization as a whole.
Security: How will the post-pandemic world challenge CISOs?
McElroy: CISOs must keep a pulse on the rapidly evolving nature of the threat landscape, as adversaries are performing attacks with a new level of sophistication and speed. According to the latest Global IR Threat Report from VMware, targeted victims now experience integrity and destructive attacks 51% of the time. This demonstrates the aggressive and manipulative nature of cybercrime today and is another example of why many security teams are feeling fatigued and burnt out. The same VMware report found that more than half of security professionals had experienced extreme stress or burnout over the past year, and of that group, 65% have considered leaving their jobs due to this stress. Between the global skills gap and short-staffed security teams facing an onslaught of attacks, CISOs will need to build an effective security posture to address new threats facing their organization while ensuring their team has the tools to remain resilient.