IT & Security Operations Teams Must Be Ready For 2021 And Beyond

Due to COVID-19, 2020 will be widely regarded as the year that work moved home. In reality, it was the year work moved to the cloud and everywhere in between. As a result, endpoint management and endpoint security are now the cornerstones of effective protection and the foundation for the next generation of security.

As the world moves beyond the pandemic, some people will return to the office and begin traveling again. Our research at Moor Insights & Strategy reveals that over 80% of companies will offer more flexible workplaces post-pandemic and over 70% of employees will take advantage of that flexibility. Thus, it appears 2021 will be the year of the hybrid workforce—effective cybersecurity will require a combination of technology, processes and people.

Security is at a significant inflection point and organizations must adapt to protect people, places and things. Enterprises should evaluate the financial cost of a security incident, the impact on human resources and the loss of control over one’s IT environment.

Our research indicates compromised employees have a 45% reduction in productivity. Compounding this trend, we are seeing a 250% increase in cybercrime targeting work-from-home employees, especially with nation-state attacks emanating from Russia, Iran, North Korea and China. While the main prize is large public and private sector organizations, these attacks affect home-based employees, business email, endpoints and internal systems.

The perimeter is dead—secure the data and the device

Phishing scams and botnets pose the most significant threats to organizations. One of the main reasons is that many devices outside the perimeter are vulnerable to increasingly advanced threats.

From an endpoint perspective, combating attacks requires the ability to rapidly identify changes in behavior at the endpoint and to the state of the environment, such as where a fast-moving security incident expands laterally.

Foster cyber hygiene

In recent attacks, especially SolarWinds and FireEye, bad actors were hiding in the network traffic. In the network, they were closing doors they had opened and moving to the next target. The reality is that threat groups and bad actors (e.g., APT29, YTTRIUM, Cozy Bear) exist worldwide and continuously capitalize on human error.

Collectively, all public and private sector entities must reflect on where cybersecurity strategies and programs stand today. It’s essential that they proactively educate and foster better cyber hygiene behaviors for their remote workers, as well as those continuing to operate within traditional brick-and-mortar facilities. 

IT departments must make a concerted effort toward adopting platforms, tools and services where everyone within their organization actively participates. Having an alibi does not absolve one of responsibility. Security is everyone’s job. 

Organizations must understand what they can track and how to mitigate each threat. First, they must know the physical footprint: where threats are coming from, including the location and the groups or organizations likely to target them. Second, they must recognize the digital tells (evidence) that outline the activity, aliases, patterns and psychometric behaviors of bad actors.

To do this, Security Operations (SecOps) must consider and deploy rapid asset discovery and inventory. 

  • In an attempt to modernize digital infrastructure for high-performance work from home without any compromise on security, many organizations are turning to security platforms that support and enable true endpoint management and security, across all deployed assets and remote workforces.
  • By consolidating onto a single cybersecurity platform, or single source of truth, enterprises can holistically detect, triage and mitigate security incidents more rapidly and more efficiently. 
  • As the number of network-connected devices grows exponentially, IT organizations must discover unmanaged assets within the network, from public and hybrid cloud environments to servers, workstations, laptops, VMs and containers.
  • By automating asset discovery and endpoint inventory, organizations can improve their cybersecurity posture, integrity and data flow. Without it, organizations cannot protect against even the most basic attack methods, such as exploitation of unpatched systems followed by lateral movement.
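The discovery and inventory step above comes down to a reconciliation: what the network actually shows (DHCP leases, ARP tables, scan results) against what the CMDB says should be there. The following is an added example, not code from the original article or from any vendor it names; the CMDB records, the discovery observations and the `AS_OF` timestamp are constructed sample data, and the `agent` flag, the 30-day staleness window and the MAC-based matching are assumptions of this example. It surfaces three classes of gap a team would act on: devices on the network that no one owns (unmanaged), known devices with no management agent (agentless), and CMDB entries nobody has seen recently (stale).

```python
"""Reconcile discovered endpoints against a CMDB to surface unmanaged, agentless and stale assets."""
import re
from datetime import datetime, timedelta, timezone

# Fixed "now" so the sample results are reproducible (constructed for this example).
AS_OF = datetime(2021, 1, 15, tzinfo=timezone.utc)

# Constructed CMDB records; "agent" means the endpoint-management agent is installed.
CMDB = [
    {"mac": "AA:BB:CC:00:00:01", "hostname": "fin-laptop-01", "owner": "finance", "agent": True},
    {"mac": "aa:bb:cc:00:00:02", "hostname": "eng-laptop-07", "owner": "engineering", "agent": True},
    {"mac": "AA:BB:CC:00:00:03", "hostname": "hr-desktop-02", "owner": "hr", "agent": False},
    {"mac": "AA:BB:CC:00:00:04", "hostname": "old-print-srv", "owner": "facilities", "agent": False},
]

# Constructed network observations, as DHCP leases and ARP sweeps might report them.
DISCOVERED = [
    {"mac": "aa-bb-cc-00-00-01", "ip": "10.1.4.21", "hostname": "fin-laptop-01", "seen_at": "2021-01-14T09:12:00Z", "source": "dhcp"},
    {"mac": "AA:BB:CC:00:00:02", "ip": "10.1.4.33", "hostname": "eng-laptop-07", "seen_at": "2021-01-14T08:40:00Z", "source": "dhcp"},
    {"mac": "AA:BB:CC:00:00:03", "ip": "10.1.5.10", "hostname": "hr-desktop-02", "seen_at": "2021-01-13T17:05:00Z", "source": "arp"},
    {"mac": "DE:AD:BE:EF:00:09", "ip": "10.1.4.88", "hostname": "", "seen_at": "2021-01-14T07:55:00Z", "source": "arp"},
    {"mac": "DE:AD:BE:EF:00:0A", "ip": "10.1.9.2", "hostname": "raspberrypi", "seen_at": "2021-01-12T22:10:00Z", "source": "dhcp"},
]


def normalize_mac(mac):
    """Canonical lowercase aa:bb:cc:dd:ee:ff form so ARP, DHCP and CMDB spellings match."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_ts(stamp):
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' timestamps used in the sample data as UTC."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def latest_sightings(discovered):
    """Collapse repeated observations to the most recent one per normalized MAC."""
    latest = {}
    for obs in discovered:
        mac = normalize_mac(obs["mac"])
        seen = parse_ts(obs["seen_at"])
        if mac not in latest or seen > latest[mac]["seen"]:
            latest[mac] = {**obs, "mac": mac, "seen": seen}
    return latest


def reconcile(cmdb, discovered, now=AS_OF, stale_after_days=30):
    """Compare CMDB records with network sightings and bucket every asset.

    unmanaged: seen on the network but absent from the CMDB (nobody owns it)
    agentless: in the CMDB and recently seen, but without a management agent
    stale:     in the CMDB but not seen within the staleness window (or never)
    managed:   in the CMDB, recently seen, agent installed
    """
    known = {normalize_mac(rec["mac"]): rec for rec in cmdb}
    seen = latest_sightings(discovered)
    cutoff = now - timedelta(days=stale_after_days)

    unmanaged = sorted(
        ({"mac": mac, "ip": obs["ip"], "hostname": obs["hostname"] or "(none)", "source": obs["source"]}
         for mac, obs in seen.items() if mac not in known),
        key=lambda rec: rec["mac"],
    )
    managed, agentless, stale = [], [], []
    for mac, rec in known.items():
        obs = seen.get(mac)
        if obs is None or obs["seen"] < cutoff:
            stale.append(rec["hostname"])
            continue
        (managed if rec["agent"] else agentless).append(rec["hostname"])
    return {
        "unmanaged": unmanaged,
        "agentless": sorted(agentless),
        "stale": sorted(stale),
        "managed": sorted(managed),
    }


if __name__ == "__main__":
    for bucket, assets in reconcile(CMDB, DISCOVERED).items():
        print(f"{bucket}: {assets}")
```

Matching on MAC rather than hostname is deliberate: the unowned device in the sample reports no hostname at all, and hostnames are trivially changed by whoever controls the device. In practice the discovery feed would be the union of several sources, and the `source` field is kept so an analyst can see whether a device was only ever observed passively.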

Real-time endpoint performance monitoring and configuration management

Most security teams underestimate the importance of performance monitoring, while IT operations tend to treat performance monitoring and availability as the bellwether. Furthermore, traditional endpoint management, endpoint risk and security tools scan devices for compliance or security vulnerabilities only periodically or on an as-needed basis (typically monthly, at times weekly).

Although performance monitoring is a viable way to determine when a system fails or needs maintenance, it can also identify anomalies such as attackers dumping database tables or targeting the boot level, a significant signature of ransomware attacks.

Another core building block for effective and proactive cybersecurity is configuration management. Configuration management databases provide IT and security organizations with a single source of truth to track and manage all aspects of the network, including hardware, endpoints, appliances, network devices, and software and their relationships to and dependencies on each other. 

By understanding each endpoint’s relationships and configuration, IT and security operations teams gain greater visibility and unity across the organization. By adopting a security platform approach, security operations personnel can identify, find and fix an anomaly before it becomes a problem. Organizations can also investigate why the anomaly appeared in the first place, which potentially uncovers and tracks a previously unknown bad actor.

Patching and updates

Like endpoint monitoring, software optimization provides insight into the applications and services deployed on each machine. From an IT operations perspective, software lifecycle management provides visibility into warranty and service status and into BIOS and firmware patch/upgrade compatibility. In a recent conversation with a chief security officer (CSO), we found his IT organization was nearly 30,000 patches behind, especially for remote workers.

Software optimization is often a budgetary tool to ensure companies do not pay for software licenses they already own, have not deployed or no longer use. Like a misconfigured firewall, endpoints that are not compliant with the most up-to-date software and patches pose a significant cybersecurity risk to the overall organization.

By having network visibility and a single interface for security, compatibility and compliance, organizations can decrease their system and business disruption risks while ensuring they cover all corners within the arena.

Computer software and hardware updates are frequent. Most users delay or push off updates, yet for the most part these updates address security risks. Before COVID-19, patching was one of the easiest steps security teams could take to reduce risk. However, as the workforce became more distributed, foreign and uncontrolled, patching and updates became more difficult.

For a department to remain compliant, it is vital to have a security platform that identifies, controls and manages all endpoint assets regardless of location.
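The patching section above makes two points that a report has to capture together: which endpoints are missing which patches, and the fact that a distributed endpoint that has not checked in recently cannot honestly be counted as compliant. The following is an added example, not code from the original article or from any vendor it names. The baseline, the patch ids (`P-2021-001` and so on), the endpoint records and the `AS_OF` timestamp are constructed sample data, and the 14-day check-in window and the severity labels are assumptions of this example. It evaluates each endpoint against an OS baseline, buckets results by location and reports hosts missing critical patches separately from hosts that simply cannot be verified.

```python
"""Evaluate endpoint patch compliance by location, separating unverifiable endpoints from noncompliant ones."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Fixed "now" so the sample results are reproducible (constructed for this example).
AS_OF = datetime(2021, 1, 15, tzinfo=timezone.utc)

# Constructed baseline: the patches each OS build must carry. Patch ids are made up.
BASELINE = {
    "windows10": {"P-2021-001": {"severity": "critical"}, "P-2021-002": {"severity": "important"}},
    "ubuntu20": {"P-2021-010": {"severity": "critical"}},
}

# Constructed inventory, shaped like what an endpoint-management platform would report.
ENDPOINTS = [
    {"host": "fin-laptop-01", "os": "windows10", "location": "remote", "installed": ["P-2021-001", "P-2021-002"], "last_checkin": "2021-01-14T09:00:00Z"},
    {"host": "eng-laptop-07", "os": "windows10", "location": "remote", "installed": ["P-2021-002"], "last_checkin": "2021-01-14T08:00:00Z"},
    {"host": "hr-desktop-02", "os": "windows10", "location": "office", "installed": ["P-2021-001"], "last_checkin": "2021-01-13T17:00:00Z"},
    {"host": "build-srv-03", "os": "ubuntu20", "location": "datacenter", "installed": ["P-2021-010"], "last_checkin": "2021-01-14T12:00:00Z"},
    {"host": "sales-laptop-11", "os": "windows10", "location": "remote", "installed": ["P-2021-001"], "last_checkin": "2020-12-20T10:00:00Z"},
]


def parse_ts(stamp):
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' timestamps used in the sample data as UTC."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def missing_patches(endpoint, baseline=BASELINE):
    """Return the baseline patch ids this endpoint lacks, sorted for stable output."""
    required = baseline.get(endpoint["os"], {})
    installed = set(endpoint["installed"])
    return sorted(pid for pid in required if pid not in installed)


def classify(endpoint, now, max_age_days=14, baseline=BASELINE):
    """Status for one endpoint.

    An endpoint that has not checked in within max_age_days may have drifted since
    its last report, so it is 'unverified' rather than compliant or noncompliant.
    """
    age = now - parse_ts(endpoint["last_checkin"])
    if age > timedelta(days=max_age_days):
        return "unverified"
    return "compliant" if not missing_patches(endpoint, baseline) else "noncompliant"


def compliance_report(endpoints=ENDPOINTS, now=None, baseline=BASELINE, max_age_days=14):
    """Aggregate status counts per location and list the hosts that need attention."""
    now = now or datetime.now(timezone.utc)
    by_location = defaultdict(lambda: {"total": 0, "compliant": 0, "noncompliant": 0, "unverified": 0})
    critical_missing = {}   # host -> critical patch ids it lacks (verified hosts only)
    needs_checkin = []      # hosts whose state cannot be trusted until they report in

    for ep in endpoints:
        status = classify(ep, now, max_age_days, baseline)
        bucket = by_location[ep["location"]]
        bucket["total"] += 1
        bucket[status] += 1
        if status == "unverified":
            needs_checkin.append(ep["host"])
            continue
        critical = [pid for pid in missing_patches(ep, baseline)
                    if baseline[ep["os"]][pid]["severity"] == "critical"]
        if critical:
            critical_missing[ep["host"]] = critical

    return {
        "by_location": dict(by_location),
        "critical_missing": critical_missing,
        "needs_checkin": sorted(needs_checkin),
    }


if __name__ == "__main__":
    report = compliance_report(ENDPOINTS, AS_OF)
    for location, counts in sorted(report["by_location"].items()):
        print(f"{location:10s} {counts}")
    print("missing critical patches:", report["critical_missing"])
    print("cannot verify (no recent check-in):", report["needs_checkin"])
```

Keeping `needs_checkin` separate from `critical_missing` is the point of the example: in the sample, the laptop that has been silent for almost a month is also missing a patch, but counting it as merely "noncompliant" would hide the bigger problem that the platform has no current view of it at all.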

Data risk and privacy management

At the heart of every IT operations and cybersecurity program is the need to protect data and privacy. The next generation of cyber warfare is here, and the main prize is information. 

Most successful cyberattacks exploit:

  1. Failures to patch known vulnerabilities
  2. Misconfigured firewalls or network infrastructure
  3. Unsecured databases
  4. Social engineering malware

Taking a holistic, platform-based approach to security, organizations can close the gaps and seal the cracks from a compliance, patching and deployment perspective, while identifying or revealing the things that shouldn’t make it through the cracks. 

In a recent in-field study, we found over 75% of firewalls are misconfigured, mainly due to bring-your-own-device (BYOD) policies and requests from executives wanting specific access to devices or opened ports. Some 80% of endpoint devices, including laptops and IoT equipment, have little or no protection, with 35% of these devices using default or weak password protection. Finally, over 60% of remote employees use corporate credentials to register for online and personal e-commerce services, which creates another level of data risk and privacy management challenges for their employers.

So, what’s next?

2021 will not be any easier for CSOs and CISOs than last year. However, forward-thinking organizations are putting the pieces in place to ensure they are ready for whatever comes next. We recommend you:

  • Ensure you have a patching and update program. This is critical, especially in today’s security environment. Nearly 60% of the CSO/CISOs we work with do not know which systems have been patched, which need to be patched, and most importantly, which should be on their networks in the first place. Firms like Tanium live between IT and SecOps in an unrivaled way. Identifying these vulnerabilities requires a combination of security assessments, tools and software to remediate infrastructure threats.
  • Understand the threat landscape. It is essential to understand which devices and endpoints reside within your network. It is also crucial to understand the threat landscape, where your devices reside and who are the probable threats and potential detractors that can harm your business. Intelligence is key. Several firms, including CyberadAPT (Network Security), CYREBRO (SOC Services), eSentire (MDR), VMware Carbon Black (EPS) and Tanium (IT meets Cyber, meets the Endpoint) have excellent software and services to understand where threats come from and how to mitigate danger before it affects the organization. 
  • Deploy a plan to protect your customers’ data and privacy. Organizations that ensure their customers’ data and privacy will thrive going forward. Having a single platform for managing security, privacy and data integrity is an excellent step for covering all corners. We have found that 40% of the CSO/CISOs we work with who implement a single platform, flight guides and a comprehensive incident response program have a 70% improvement in how their organizations respond to cyberattacks, especially when it comes to ransomware. Consultancies such as Brain+Trust are leading brands across the enterprise to unify data to individualize marketing and customer experience operations, while securing that data from the cloud to edge. Simultaneously, Tanium and Rackspace Technologies bring a solid platform for managing security across public, hybrid and cloud environments that aligns with their customer’s governance and compliance procedures. 
  • React quickly once your organization is compromised. While it is difficult to deter sophisticated nation-state attacks, the key is how an organization reacts. The ability to respond promptly to whatever is next is vital to safeguard infrastructure, data and endpoints. Therefore, turn decentralization and scale into an advantage in the work-from-anywhere era. Companies like CyberadAPT were key in FireEye’s response to its recent breach. Other companies like Cyber Guards provide a proactive and effective managed security service to those companies that require a more hands-on approach.

To be better prepared for future uncertainties, organizations need to change their approach to managing their IT operations and endpoint security. Now is the time to leverage a powerful integrated platform that delivers complete visibility and control of your entire estate. Bringing greater agility and efficiency to your organization with insight, manageability and security will keep business at the forefront of technology and where digital business begins—at the endpoint.

As a side note, Tanium is punching above its weight regarding the new realities of cyber and endpoint security. For more details and information, please download the full report on our website. 2020 has ushered in a new way of doing business, but firms that focus on cyber hygiene, best practices and procedures will win the day and beyond.