When agencies issued telework orders in response to the pandemic, leaders and employees scrambled to put together work-from-home checklists.
Laptop, check. Charger, check. ID card, check.
But amid the rush for essentials, security teams had to hurriedly safeguard a shifting environment that went from physical to virtual overnight.
Months later, the on-the-fly response has had its pros and cons.
Hindsight is 2020
Though cybersecurity teams were caught off guard by the sudden change, and departments, particularly education departments, saw upticks in attacks, the result has been something of a baptism by fire for government. The new telework environment closely resembles what security experts have forecast for some time: a broadly distributed workplace featuring modern cybersecurity strategies and technologies.
Artificial intelligence, machine learning and zero trust have all entered the fold. These technologies and strategies can play a part in detecting, deflecting and preventing cyberattacks.
Before security teams can capitalize on these capabilities, however, they need clear visibility into the expanded array of endpoints they’re now responsible for, experts agree.
“What we’ve seen is that all of the former vulnerabilities are still there. And on top of that, you add the new attack surface of the home employee. So it’s really just risk-plus.” – Bob Palmer
Bob Palmer, Senior Director of Software Solutions Strategy at NS2, recently led an online training about telework security.
Increased risk
With more endpoints like laptops, tablets and smartphones in use than before the pandemic, Palmer said agencies need to expect that intruders are on their networks. Attackers could enter through network breaches, stolen user credentials or malware installed onto systems.
Visibility allows agencies to know when a particular device, program or application has vulnerabilities or has been compromised. That knowledge matters because security teams can then work to prevent the attack from spreading to connected systems.
The solution for an unwelcome visitor on networks rings familiar: quarantine. After a cyberattack successfully infiltrates an agency, security teams should isolate the impacted system as quickly as possible and make sure interconnected applications and data sets were not infected. Then, they can work to restore the system. Much like contact tracing, this process is known in cybersecurity terms as endpoint detection and remediation.
What you can do
“Increasingly, we’re seeing clients looking into technologies such as artificial intelligence and machine learning to respond to and remediate security threats,” Palmer said.
One of the most overlooked elements of cybersecurity is convenience, Palmer said. Though employees tend to be more relaxed at home, which makes them more susceptible to phishing attempts, employees will practice healthy cyber hygiene if it’s accessible to them, he said.
As an example, Palmer said if employees could easily flag suspicious emails right from their inbox for security to examine, they’d be more likely to report phishing. Security teams could then seek out similar emails and quarantine those immediately, preventing a possible breach.
“That way you can actually make employees part of the solution instead of part of the problem,” Palmer said.