JUNE 26, 2020
The COVID-19 conversation often centers around “phases” when it comes to the pace at which cities and states can safely re-open their local economies. Phases also come to mind for business leaders currently navigating uncharted waters to keep their workforces safe, healthy and productive during a global pandemic – without compromising IT security.
From that perspective, we can think of Phase 1 as “pre-coronavirus”, when the large majority of your workforce was coming into an office – with some limited telework. Managing cyber risk was of course challenging, but the environment was more fixed and predictable.
Phase 1 came to a screeching halt with COVID-19 stay-at-home orders, rapidly swinging to the other side of the pendulum. Recent data from a Pulse Secure report supports the unprecedented transformation ushered in by the pandemic: 63% of organizations said they had up to a quarter of employees working in remote or at-home environments before the crisis, while three-quarters of the same organizations report that more than 75% of their workforce is now working from home.
And with that, we entered Phase 2: organizations suddenly faced a near-fully remote workforce and expanded attack surface defined by personal devices, insufficiently secure corporate-issued devices, and employees without the tools and training they needed to secure their devices, data and communications. The early days and weeks of Phase 2 saw decision makers scrambling to shore up security vulnerabilities that come with expanded telework while ensuring workforces remained productive.
Managed Security Services (MSS) have been a core component of these efforts, delivering round the clock, 24x7x365, management and monitoring of cybersecurity systems and devices – along with patch management and upgrades. For our part, R9B has been actively supporting clients through the delivery of managed cybersecurity services with each individual business’ context and important threat vectors top of mind.
The pandemic is far from over, but from a cybersecurity perspective enterprises must start thinking about the next phase — a permanently expanded or highly fluid/hybrid workforce that will require cyber training, tools and processes for the long term. The Pulse Secure report finds that a whopping 84% of US organizations expect broader and more permanent remote work adoption after the coronavirus pandemic passes, in spite of the security concerns that come along with working from home.
In other words, your business must shift from survival mode in thwarting adversaries to proactively hunting threats. R9B’s ORION agent-less threat hunting goes beyond passive detection and response, empowering cybersecurity professionals with the means and mindset necessary to detect, pursue, isolate, and eliminate APTs and other network threats. At the same time, ORION incorporates new, proactive tactics, techniques, and procedures that enables your organization to identify and eliminate threats no matter how and where employees choose to work and connect to your networks, data and one another.
Our approach to threat hunting was built for the cyber challenges posed by you will face in the months ahead as workforce requirements pivot, and then pivot again. Ultimately, cyber threat HUNTing (HUNT) is about people, processes and technology and enabling the thinking network defender to actively engage the adversary and generate a human response; a response that the adversary could not calculate; a response that causes a blow to the adversary’s capabilities. For organizations this translates to a proactive defense and engagement model that we provide to our customers.
As challenging as the past few months have been for organizations, the process has been a valuable learning experience for business leaders. More than 40% of workers indicate they would prefer to work remotely full time in the future, and many organizations cite improved productivity. But to make the “new normal” sustainable – whatever that model ultimately looks like going forward – you have to get the security piece right first. Nearly 7 in 10 (69%) organizations are still concerned about security risks by users working from home. If your business falls into that majority – and even if they don’t – contact us to learn more about how R9B can help you take back control of the expanded remote workforce.