When agencies issued telework orders in response to the pandemic, leaders and employees scavenged up work-from-home lists.
Laptop, check. Charger, check. ID card, check.
But amid the rush for essentials, security teams had to hurriedly safeguard a shifting environment that went from physical to virtual overnight.
“The priority at first was, ‘How do we get our employees working?’” said Brian Varine, Strategic Cyber Advisor at Valliant Solutions, a government cybersecurity partner. Varine spoke at GovLoop’s online training Tuesday about telework security. “And now they’re thinking, ‘How do we keep this stuff secure?’”
Months later, the on-the-fly response has had its pros and cons.
Though cybersecurity teams were caught off guard by the sudden change and departments – particularly education departments – saw upticks in attacks, the result has been something of a baptism by fire for government. The new telework environment closely resembles what security experts have forecasted for some time, a broadly distributed workplace featuring modern cybersecurity strategies and technologies.
“It’s definitely been a shock to the system, but it may end up being a good thing,” Varine said.
Artificial intelligence, machine learning and zero trust have all entered the fold. These technologies and strategies can play a part in detecting, deflecting and preventing cyberattacks.
Before security teams can capitalize on these capabilities, however, they need clear visibility into the expanded array of endpoints they’re now responsible for, experts agree.
“What we’ve seen is that all of the former vulnerabilities are still there,” Bob Palmer, Senior Director of Software Solutions Strategy at SAP National Security Services, said on the webinar. “And on top of that, you add the new attack surface of the home employee. So it’s really just risk-plus.”
With more endpoints – like laptops, tablets and smartphones – in use than before the pandemic, Palmer said agencies need to expect intruders are on their networks. Attackers could enter through network breaches, stolen user credentials or malware installed onto systems.
Visibility allows agencies to know when a particular device, program or application has vulnerabilities or has been compromised. That knowledge matters because security teams can then work to prevent the attack from hopping to connected systems.
The solution for an unwelcome visitor on networks rings familiar: quarantine. After a cyberattack successfully infiltrates an agency, security teams should isolate the impacted system as quickly as possible and make sure interconnected applications and data sets were not infected. Then, they can work to restore the system. In cybersecurity terms, this process, which has similarities to contact tracing, is called endpoint detection and remediation.
“Increasingly, we’re seeing clients looking into technologies such as artificial intelligence and machine learning to respond to and remediate security threats,” Palmer said.
One of the most overlooked elements of cybersecurity is convenience, Palmer said. Though employees tend to be more relaxed at home, which makes them more susceptible to phishing attempts, employees will practice healthy cyber hygiene if it’s accessible to them, he said.
As an example, Palmer said if employees could easily flag suspicious emails right from their inbox for security to examine, they’d be more likely to report phishing. Security teams could then seek out similar emails and quarantine those immediately, preventing a possible breach.
“That way you can actually make employees part of the solution instead of part of the problem,” Palmer said.