Cybersecurity Challenges: The What, How and When of Change


I subscribe to a newsletter from Gary Burnison, CEO of Korn Ferry.

His messages address a wide variety of career and personal issues in a thoughtful and educational manner. A recent Special Edition message was titled Exceeding Potential. It specifically addressed how opportunities present themselves and how to view and leverage them.

He closed his message with this statement:

It’s true that leaders are in the “what,” “how,” and the “when” business. But, ultimately, we all must be in the “opportunity” business—because exceeding potential is not just about each of us, it’s about all of us.

As a “Trust, but verify” cybersecurity professional, I considered Gary’s message and shifted the paradigm a bit. The shift is based on my passion and what I chose as my business career, IT security and compliance.

We can shift the idea of opportunities for law-abiding citizens to the world of criminal opportunists.

There have been studies that analyze and try to determine why criminals do what they do. The studies show that it’s not always because they are bad people who are prone to breaking the law; sometimes, it’s the opportunities that present themselves.

With that in mind, let’s consider for a moment how the pandemic has impacted our respective businesses and the opportunities they have presented.

Key Cybersecurity Challenges for 2021

Remote access and remote workforces are not new; they are opportunities that our respective organizations have provided as a convenience for us to perform our jobs. In the modern age we live in, we all have some level of access to our corporate networks and systems, whether that is checking our email on our smartphones or having full remote access to our mission-critical business systems.

The Pandemic has dramatically increased the number of employees working remotely, and this has subsequently increased the attack surface for cyber criminals, presenting our adversaries with new opportunities to find and exploit weaknesses in our cybersecurity and compliance programs.

Ron Solano, Data Security Officer at OptumInsight of United Health Group, spoke to The State of Security at the beginning of the Pandemic. He talked about the need to balance the threat of growing malware attacks with the network’s ability to handle greater numbers of remote users.

“Employees need to have laptops that are protected against viruses and other digital threats,” Solano explained.” We want to make sure there is no contamination when they log in to a company network. At the same time, networks have to be able to handle the larger number of people logging into the network as a result of our organization’s remote work. Inbound pipes need to be monitored for load balancing.”

Standard, every day processes are now more challenging than ever. This presents an increasing set of opportunities for bad things to happen, such as:

  • Exploiting unpatched systems
  • Bypassing inadequate controls and policies
  • Capitalizing on authorization creep and other drifting defenses

The answer, though simple to put into writing, is not easy to achieve:

  • Ensuring a timely patch process on remote and intermittently connected assets
  • Validating that security controls, corporate configuration policies and perimeter defenses are in place and not drifting from a known good state
  • Analyzing suspicious files that may be introduced to the network before they can cause harm
  • Understanding the What, How and When of changes taking place on our respective assets

Fortunately, you are not alone when combating the problems that can threaten your cybersecurity. Tripwire is a recognized leader in the cybersecurity and compliance management space. It enjoys a 20+ year track record of helping our customers protect their assets and mission critical infrastructures. Our focus on fundamental controls and risks presented by assets connecting to our respective mission critical networks provides our security and compliance teams with a clear understanding of and the opportunity to proactively address the What, How and When.

Please visit us at Tripwire.com to learn more about our industry-leading technologies and services or reach out to your local Tripwire Representative. Let’s explore the opportunities that Tripwire offers in securing your mission-critical infrastructures.



Source link