Intelligent CISO Issue 43 - Page 28

Editor’s question


Since the use of caves, most security is based on good things on the inside and bad things on the outside.

With the introduction of hybrid working, this has dramatically increased the external attack surface and the need to monitor and identify risks proactively as the target on your back increases and network access is scattered from the introduction of insecure endpoints and BYOD.
For those that are at the later maturity stage and have a secure hybrid working model in place, having an established network environment will protect against security weakness of users exposed to their home networks and ensuring the mixture of corporate and private access is controlled to protect against new threats and ransomware – providing robust security control and a strong barrier against adversaries looking for vulnerabilities to exploit.
However, for those less security mature and with stretched resources, it’s important to invest in automated and continuous vulnerability management and external attack surface management technologies to ensure you stay ahead of opportunistic hackers.
As ransomware threats become rife and bad actors look to create businesses themselves by offering Ransomware-as-a-Service (RaaS), businesses should look at adopting a proactive approach to cybersecurity. This will be vital to help you identify your external attack surface from known and unknown assets and ensuring those outside your corporate firewalls are protected and your crown jewels are secure.


For others who have had to resort to ‘split tunnel’ VPNs to facilitate hybrid working, and earlier ran a traditional border-based security regime, this has been and remains a substantial challenge and requires full risk assessment to reduce your security exposure to this new layer of risk.
MARTIN JARTELIUS, CSO AT OUTPOST24
There are some best practice actions you can take to ensure you’re protected in the interim from hybrid working.
These include providing secure document and media repositories for staff, and ensuring your workforce is well trained in security best practice. Applying these to their day-to-day activities will minimise risk of phishing and malware attacks.
Implementing certifications such as Cyber Security Essentials will provide your workforce with best practice advice to help reduce your overall risk exposure.
For example, if you are running with a split tunnel VPN, which in practice makes the laptop a bridge between the network and your internal network, the home routers also become the organisation’s responsibility and need to be patched to company security standards.
Remaining issues with hybrid working for CISOs to re-evaluate include maintaining physical security controls, and the social factor that users cannot rely on their group for advice.
Overall, the security challenge of remote working has become substantially impacted by resource bandwidth, logistics and finding automated solutions that provide complete protection against new technical threats.

