How Security Analysts Can Collaborate while Working Remotely
Posted by Ryan Trost
Prior to the global health crisis, the most recent survey from Global Workplace Analytics found that only 3.6% of the employee workforce works from home half-time or more. Clearly that percentage is surging as government guidelines mandate people work from home, self-quarantine and use social distancing.
Without the ability to catch up with co-workers in person, go out to lunch or grab a cup of coffee, you might think employees would be more focused. The reality is that most are distracted for a variety of reasons. The situation is evolving quickly, and our email traffic is growing exponentially. Many of us are adapting to new technologies and tools. And, of course, sharing makeshift home “offices” with children, partners and pets adds to the level of distraction. This new normal is having an impact on cybersecurity. When people aren’t mindful, they are more likely to click on malicious emails and expose themselves and their organizations to threats.
Cybercriminals know this and are taking advantage of these new work environments and distractions to launch cyberattacks. As reported by Cisco Talos, although threat actors are sticking to proven techniques such as phishing, fraud and disinformation campaigns, they are ramping up and shifting the subject matter of their attacks to focus on COVID themes. Since January, Barracuda Networks has tracked a steady increase in the number of coronavirus-related phishing attacks. Many are scams to fool people into donating money, while others are selling fake masks and other pandemic supplies or masquerading as government services to help businesses navigate the economic impact of the crisis. The primary motivation is financial gain. However, some attacks are also devised to distribute malware to remote workers and infiltrate corporate networks.
Based on our experience with previous industry- or region-derived large-scale events, opportunistic attacks are to be expected, but the current situation is different. It is global and evolving with no clear end in sight – a new reality we all must navigate for the foreseeable future. Attacks will continue and employees’ mindfulness will erode further.
Security teams are on high alert, having to protect a shifting infrastructure from threat actors looking for low-hanging fruit, yet they too are working remotely. Security Operations Center (SOC) analysts and Incident Response (IR) team members can’t lean across the desk to compare data and analysis or walk down the hall to check in with a threat intel analyst. And managers of security teams can’t tap an analyst on the shoulder to assign them a task or get an update on an investigation. Despite being geographically dispersed, security analysts and managers must be able to work effectively with team members and across teams.
To improve security operations when everyone is working remotely, organizations need a single, online collaborative environment that fuses together data, evidence and users. At its core is a central repository that contains all the organization’s global threat data, augmented and enriched with context from internal threat and event data. Individual team members and different security teams can access the intelligence they need to do their jobs as part of their workflow and can actively share learnings or directly communicate with each other.
Working in the virtual cybersecurity situation room, they can accelerate their understanding of threats and improve collaboration. Should the number of incidents increase as threat actors ramp up campaigns, they can quickly divvy up tasks to focus on blocking and tackling. Rather than conducting investigations in parallel, all team members involved in the investigation process can automatically see the work of others and understand how it impacts and can benefit their own work.
Managers of security teams can benefit from this collaborative environment as well. They can oversee investigations remotely, observing the analysis as it unfolds and directing action when and how they need to. With a “virtual shoulder tap” they can break down and assign tasks to specific individuals, coordinate tasks between teams, and monitor timelines and results. With online collaboration embedded into security operations, managers can ensure that security analysts, wherever they are physically located, are able to work together efficiently and effectively to accelerate detection and response.
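The three preceding paragraphs describe a central repository of external threat data enriched with internal context, shared visibility into an investigation, and a manager's "virtual shoulder tap" for assigning tasks. The following is an added example, not code from the original post or from any product, that models those three pieces in plain Python: it ingests a constructed intelligence feed, enriches indicators with sightings parsed from constructed internal proxy log lines, opens an investigation on whatever was actually seen internally, and records task assignments and completions in a single append-only timeline every analyst reads. All indicator values, hostnames, usernames and analyst names are constructed placeholders (RFC 5737 and RFC 2606 test ranges), and the log format is an assumed one.

```python
"""Added example (not from the original post): a minimal model of the
"virtual situation room" described above. Global threat indicators live
in one repository, are enriched with sightings from constructed internal
proxy logs, and investigations with assigned tasks share one timeline so
every analyst and manager sees the same state."""
from dataclasses import dataclass, field
import re

# Constructed external intelligence feed (placeholder indicators).
THREAT_FEED = [
    {"indicator": "covid-relief-grants.example", "type": "domain",
     "source": "feed-A", "tags": ["phishing", "covid-lure"]},
    {"indicator": "mask-supply-deals.example", "type": "domain",
     "source": "feed-B", "tags": ["fraud", "covid-lure"]},
    {"indicator": "203.0.113.77", "type": "ipv4",
     "source": "feed-A", "tags": ["c2"]},
]

# Constructed internal web-proxy log lines in an assumed key=value format.
PROXY_LOG = """\
2020-04-02T09:14:05Z src=10.20.1.15 user=jdoe dst=covid-relief-grants.example action=allow
2020-04-02T09:14:09Z src=10.20.1.15 user=jdoe dst=cdn.example.net action=allow
2020-04-02T11:02:41Z src=10.20.3.8 user=asmith dst=covid-relief-grants.example action=allow
2020-04-02T11:30:00Z src=10.20.3.8 user=asmith dst=203.0.113.77 action=block
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) dst=(?P<dst>\S+) action=(?P<action>\S+)$"
)


@dataclass
class Indicator:
    value: str
    type: str
    sources: set = field(default_factory=set)
    tags: set = field(default_factory=set)
    sightings: list = field(default_factory=list)  # internal context added by enrichment


@dataclass
class Task:
    description: str
    assignee: str
    done: bool = False


@dataclass
class Investigation:
    title: str
    indicators: list
    tasks: list = field(default_factory=list)
    log: list = field(default_factory=list)  # shared, append-only timeline


class Repository:
    """Central store shared by every analyst: one record per indicator value."""

    def __init__(self):
        self.indicators = {}

    def ingest_feed(self, feed):
        # Merge sources and tags so two feeds reporting the same value yield one record.
        for item in feed:
            rec = self.indicators.setdefault(
                item["indicator"], Indicator(item["indicator"], item["type"]))
            rec.sources.add(item["source"])
            rec.tags.update(item["tags"])

    def enrich_from_log(self, text):
        """Attach internal sightings to any indicator that appears as a proxy destination."""
        hits = 0
        for line in text.splitlines():
            m = LOG_RE.match(line)
            if not m:
                continue  # skip a malformed line rather than failing the whole batch
            rec = self.indicators.get(m["dst"])
            if rec is not None:
                rec.sightings.append(
                    {"ts": m["ts"], "user": m["user"], "src": m["src"], "action": m["action"]})
                hits += 1
        return hits

    def sighted(self):
        """Indicators that have internal context, i.e. the ones worth an investigation."""
        return sorted(v for v, r in self.indicators.items() if r.sightings)


def open_investigation(repo):
    inv = Investigation("COVID-lure indicators seen internally", repo.sighted())
    for ind in inv.indicators:
        users = sorted({s["user"] for s in repo.indicators[ind].sightings})
        inv.log.append(f"{ind}: {len(users)} internal user(s) affected: {', '.join(users)}")
    return inv


def assign(inv, manager, description, assignee):
    """The 'virtual shoulder tap': a manager hands a task to one analyst, visibly."""
    inv.tasks.append(Task(description, assignee))
    inv.log.append(f"{manager} assigned '{description}' to {assignee}")


def complete(inv, analyst, description):
    for t in inv.tasks:
        if t.description == description and t.assignee == analyst:
            t.done = True
            inv.log.append(f"{analyst} completed '{description}'")
            return True
    return False  # no such task, or it belongs to a different analyst


def progress(inv):
    return sum(t.done for t in inv.tasks), len(inv.tasks)


if __name__ == "__main__":
    repo = Repository()
    repo.ingest_feed(THREAT_FEED)
    repo.enrich_from_log(PROXY_LOG)
    inv = open_investigation(repo)
    assign(inv, "manager", "Reset credentials for jdoe", "asmith")
    complete(inv, "asmith", "Reset credentials for jdoe")
    print("\n".join(inv.log), progress(inv))
```

Two design points carry the collaboration argument: enrichment is done against the shared repository rather than in an analyst's private notes, so the second analyst to look at an indicator already sees the first one's context, and every assignment or completion is appended to the investigation's timeline, which is what lets a remote manager watch the analysis unfold without a status call.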
At a time when threat actors are looking for low-hanging fruit and potential weaknesses in our new normal, a virtual cybersecurity situation room lets teams work together using the right data to take the right actions faster and strengthen security posture. Even when their analysts are working from home, security managers can continue to coordinate investigations and remediation.
It’s widely acknowledged that the global pandemic will have lasting effects on life as we know it. As we look for the silver linings, the virtual cybersecurity situation room is a model that’s needed now more than ever and, importantly, can give security professionals an upper hand even when life returns to “normal.”