What CISOs should know about returning to the office


Infosecurity leaders are facing a few fundamental challenges when it comes to the return to a physical office space. One of the biggest challenges is the visibility CISOs have lost into employee endpoints. Many employees’ devices have been on an open home network for over a year, so it is tough to determine where they all stand from an endpoint protection perspective. Additionally, the rapidly evolving nature of the threat landscape is a huge issue.

About the author

Rick McElroy is Principal Cybersecurity Strategist at VMware.

Malicious actors are performing attacks with a new level of sophistication and speed. For example, we found that two-thirds of organizations have been targeted by ransomware over the past year, and that same percentage witnessed incidents of counter-incident response since the start of the pandemic. This reflects the increasingly destructive nature of cybercrime today and explains why cybersecurity teams are feeling the fatigue. Between the global skills gap and short-staffed security teams facing an onslaught of attacks, organizations are struggling to find an effective security posture.

Additionally, CISOs and security teams need to keep malicious insiders on their radar. Insider threats have become increasingly common over the past year, as many people were strapped for cash and looking for quick avenues to make money. This occurs when someone within the organization uses forums to sell credentials to cybercriminals outside of the organization. I think something like this is more of a risk for people within the political sector, but we have been seeing it increase on an organizational level as well.

For example, someone could sell admin access into an organization for a large chunk of bitcoin and be set for the rest of their career. These attackers have a goal of penetrating environments and performing credential harvesting. If CISOs can build a program designed to detect those insider threats, their organizations will be better equipped compared to those that are not.

How do employees’ personal devices impact an organization’s security posture? How can organizations proactively address the risk?

Employees’ personal devices pose a huge risk to an organization’s security posture. CISOs are now faced with the task of gaining back the visibility that was lost when the shift to remote work began in March 2020. Having good endpoint detection and response is key. Using tactics like threat hunting can significantly strengthen an organization's security posture. We recently conducted a survey that found 81% of respondents are already conducting threat hunting, which shows CISOs and security teams are looking to proactively protect their organization.

Additionally, organizations should consider a cloud-first approach for improved network and endpoint security that serves an anywhere workforce. This will help with security posture as many employees will still choose to work remotely even after COVID-19 restrictions are lifted or in the case of future events that may require immediate remote work, such as power outages or chemical spills.

We often hear security is a shared responsibility - so how can employees not in security do their part?

As cybercriminals become increasingly savvy, and our devices become a key part of both our professional and private lives, multi-factor authentication is a great form of security that the everyday employee can utilize. Using a password is as antiquated as using a standard key on your front door: it's locked, but someone can easily copy the key and still get access. For this reason, it’s important to prioritize multi-factor authentication, in the form of behavioral and continual authentication, and move away from a central store of identities, which can easily be hacked.

One good thing that resulted from the COVID-19 pandemic is increased awareness around security. Before, you heard a lot of talk about the rocky relationship between security and IT teams, as well as the lack of budget for security projects. Now businesses are seeing much more of a partnership between the two teams, as well as increased budget to enhance security measures across all levels of the organization. From an individual standpoint, employees can help secure the organization by ensuring they are working on secure networks when out of the office, as well as implementing two-factor authentication as an extra precaution against attackers.

Are there any best practices you recommend for CISOs and their security teams as they plan to return to office, full-time or in a hybrid capacity?

Overall, I think organizations are looking at a few avenues as they plan to return to the office. Many I have talked to are taking a tiered approach and bringing back employees slowly. This will help minimize the number of notifications to their in-office IT system as technologies that have not been connected for over a year start to reconnect to the network. Another practice I am in huge favor of is the implementation of a “quarantine network.” This will be key to secure an organization’s network as employees bring their devices back to work. A “quarantine network” attaches to a network that is micro-segmented and will run patching updates to security software first.

I also think as part of the return to office plan, CISOs should include a refresher course, reminding employees of common tactics cybercriminals use to invade networks such as phishing emails. Reminding employees to keep an eye out for small tricks like that can make a huge difference in the long run when it comes to protecting your network.
