When Dave McDonald, Navy Chief Intelligence Systems Officer asked, “What are those things I have to protect and get at right now?” in a recent episode of our To The Point podcast, it prompted me to think of how our security leaders approach our current situation where millions are still working from home. Seems like modern cybersecurity really comes down to protecting people, places and things.
Especially with the plight we are currently facing, Dave characterizes his position as that of chief resilience officer. He makes the point that an unexpected and extreme kind of crisis forces organizations to focus. With this resilience in mind, as security leaders continue to tackle supporting massive remote workforce for extended periods of time, let’s look at how we can best protect three of the largest liabilities to turn them into strengths.
At Forcepoint, we believe people are the new perimeter. That’s something our current situation has brought to the forefront. In episode 76, our CEO Matt Moynahan said,
“I think hackers have proven that people are far more worthwhile attack points than Silicon and that's what they're doing. I think that's why this is such an interesting period for us because people's behaviors now are driving the security architecture. It's not the other way around.”
Though many tend to focus on zero-day exploits when considering cyber-attacks, it’s important to remember exploitation of vulnerabilities that exist within commonly used interfaces make up the majority of threats. The TSA is even prioritizing data-driven decision making to detect potential insider threats. Insider threat often occurs unwittingly when someone uses their access to sensitive information that compromises people, places, and things like national security.
In today’s environment, many workers are accessing applications and data from their homes instead of the office. Additionally, the applications that remote workers use to get work done are changing too. Where software and applications used to primarily be on a company network or data center, these days applications increasingly reside in the cloud.
According to DHS and the FBI, some of the largest weaknesses in cybersecurity are programs and applications. And during the coronavirus outbreak, “many organizations shifting to work from home setups have misconfigured Office 365 deployments” putting them further at risk, and adding extra responsibility to an overburdened IT. In fact, foreign cyber actions have continued to take advantage of well documented software vulnerabilities, as exploitation of these weaknesses often requires less effort and fewer resources than zero-day attacks.
One of the best (and easiest!) things you can do to prevent against foreign cyber-attacks is to keep your access software current. In fact, foreign cyber actions have continued to take advantage of well documented software. Forcepoint’s Trusted Thin Client Remote (TTC-R) can help optimize remote work by providing quick secure access to help ease the transition to remote work while protecting against multiple risks for attack. TTC-R takes advantage of all the enterprise features of traditional TTC to include updating software from a central management console (something that other vendors can’t do) which deploys automatic updates which eliminates the need for frequent End User Devices (EUD) and patching by local support staff. Its scalable which allowed ease of transition to work from home for both us and our clients, and this flexibility is extended to the type of devices that are supported by TTC-R.
Speaking of devices, TTC-R also impacts things at a device level. During our part two podcast interview with Dave McDonald, we asked him how security leaders can best keep up with attacks on individuals working from home. Dave believes training and mentoring people on “cyber hygiene” is where security teams can have a big impact.
Beyond that, Dave really favors a choose-your-own-device approach vs. a bring-your-own device one. In his view, choose-your-own strikes a better balance between agility and maneuverability of choice. He thinks choose-your-own-device and comply-to-connect initiatives will ultimately help extend an organization’s “zero-trust architecture boundary to encapsulate a much more robust endpoint community.”
At Forcepoint, we see TTC-R as a solution that applies this concept. With TTC-R, mass updates, upgrades, and maintenance can be scheduled through a centralized system to help ensure your organizations technology solutions adapt to the shifting user requirements we’re all seeing today. TTC-R reduces the individual risk and responsibility of personal device owners and users to keep their devices updated, and instead allows the centralized system to handle it.