The Coronavirus crisis places a heavy burden on the CISO through the joint impact of a mass transition to remote work and a surge of cyberattacks that seek to monetize the general chaos. Security vendors unintentionally add to this burden by relentlessly generating noise in the form of attack reports, best practices, tips, and threat landscape analyses. The CISO Checklist for Secure Remote Working was built to help CISOs navigate this noise, providing them with a concise, high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times.
The Coronavirus quarantine forces us to face a new reality. It is critical to acknowledge this new reality in order to understand how to successfully confront these changes. Make no mistake – these changes apply to any organization, regardless of its former security posture.
For example, an organization with a high maturity level that routinely monitors its users' behavior to detect anomalies must now alter its policies to adjust to the mass remote workload. On the other hand, less mature organizations that could previously contain the risk of not placing advanced protection on their email systems and endpoints now realize that they have a critical security gap that must be addressed.
The CISO Checklist for Secure Remote Working breaks down the Coronavirus-derived changes in reality and maps them to concrete checkboxes. It's important to point out that the checklist does not dive into the actual implementation, since that can be carried out in multiple ways depending on the internal policies and preferences of each organization.
The CISO Checklist for Secure Remote Working is built on five pillars:
- Security Technology: a recommended list of product categories that should be installed and configured. The guideline in choosing these categories was an aggregated analysis of the Coronavirus-related threat landscape gathered from multiple threat intelligence and attack analysis sources.
- Security Team: every team, regardless of size and dedication level, has a set of procedures to handle ongoing security operations routinely. These procedures must be at the very least refreshed, and in many aspects updated to address the specific IT and cyberattack changes.
- General Workforce: CISOs know better than anyone else that a man is a far weaker link than a machine. The built-in uncertainty that the Coronavirus brings makes people significantly more vulnerable to all sorts of social engineering manipulations. Awareness, education, and security drills are essential to arm your workforce against these vastly increasing attacks.
- 3rd Party Service Providers: whether your organization performs all its security tasks in-house or not, it is definitely time to consider outsourcing some of the more skill-dependent missions to a domain expert MSSP, or at least to make sure that all IR and security management operations are adequately covered.
- Management Visibility: the organization's executives must have full visibility both into the CISO's efforts and into the actual security posture: is there an increase in attacks, do security teams and products operate as expected, has there been a breach and, if so, how was it managed and contained, etc. Every CISO must have the infrastructure to effortlessly produce these reports.