Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


01:00 PM
Dan Dinnar
Dan Dinnar
Connect Directly
E-Mail vvv

Advice From Security Experts: How to Approach Security in the New Normal

Here are the biggest lessons they've learned after a year of work from home, and how they advise their counterparts at organizations to proceed as a result of those lessons.

A year ago, work from home (WFH) emerged as the "new normal" for organizations seeking to keep their staffers safe from COVID-19. Today, companies are viewing WFH as simply, well, the norm, as 83% of IT managers are planning or have planned for a long-term transition to remote working.

In many circumstances, the arrangements have increased productivity and efficiency. But they also bring on risks: Three-quarters of IT professionals are concerned that their response to security threats is less effective due to employees working remotely, and 63% have less than 90% visibility of remote endpoints. Seven of 10 indicate that the pandemic has negatively affected their ability to patch endpoints and enforce compliance.

Related Content:

Top 3 Cybersecurity Lessons Learned From the Pandemic

Special Report: Building an Effective Cybersecurity Incident Response Team

New From The Edge: Cartoon Caption Winner: In Hot Water

Given the challenges, we recently asked a selection of top security managers and executives about their experiences. We wanted to know what's the biggest lesson they've learned after a year of WFH, and how they advise their counterparts at organizations to proceed as a result of those lessons. Here's what they told us:

Steve Zalewski, CISO, Levi Strauss & Co: "Now is the time to double down on security awareness training for your company. After a year of transition from 'work in the office' to 'work from home' to 'work from anywhere' to 'work from everywhere,' people are stressed, fatigued, struggling with work/life balance, and generally feeling overwhelmed. This has created a bonanza for attackers who use phishing and social engineering attacks. Targeted attacks are on the rise as well. So get creative with your education and testing, be persistent, and don't let your people give in to the COVID fatigue, false sense of security that home environments can create, and targeted attacks. Every click we can prevent saves us hours of incident response time chasing down compromised credentials or lost revenue."

Timothy Myers, CISO, Missouri Employers Mutual: "Don't try to figure it all out on your own. Develop a peer group and schedule regular conversations to share information on trends, projects, threats, etc. If you can afford to, use a well-established security consultant to do vulnerability and penetration assessments to see if that perspective maps well with where you think you are."  

Britney Hommertzheim, Director of Cyber Threat Operations, Cardinal Health: "Embrace the uncomfortable. Right now, many people are in a state of flux. Use this as an opportunity to provide a solution for your business that also provides a security benefit."

Gregory Matthias, CISO, TCF Bank: "It's more important than ever to work with your partners to understand risk across the organization and not just tech risk. Secondly, you need to be at the table and become an enabler of faster digital transformation."

Shinesa Cambric, Manager of Security Architecture, Vistra Corp: "This is a time to rethink cyber processes and integrations and the messaging around that. There is a huge opportunity to use the message of a 'fresh secure start.' Security managers and teams should take advantage of migrations to the cloud to reset and reinforce the image of security — that security being integrated and built into their tools and platforms is a value-add and a distinguisher, rather than using a 'fear, doom, and loss avoidance' message to get buy-in for security."

Aimee Martin, Director of Information Security, Vista Outdoor: "Determine how to cut costs in the right places but spend the money in the places that add the most value. Rethink business resiliency and protect the critical assets and data in your environment."

Judy Hatchett, CISO, Surescripts: "Be flexible, invest in tools and strategies that solve more than one problem. Invest in your people."

Nathaniel Cole, Director of Security, MSTS: "Leaders need to be acutely aware of massive disruption to everything in 2021 — remote workforce may or may not continue — then we are looking at huge disruption in real estate and others. Deploy security without brick and mortar. Truly reevaluate end-user behaviors, grant access, identity access, onboard, and offboard. The short term will be hard, but we will all be better off in the long run as a result of the work done now."

We can't predict with absolute certainty what the state of WFH/remote work will look like a year from now. But we do know that cybersecurity professionals will seek to continue meeting the many new challenges that extraordinary circumstances bring. By closely aligning IT goals with business strategies and a flexible, agile, and value-first mindset, CISOs and their teams will more effectively prepare their organizations for current "norms" — and whichever new ones come next.

Dan Dinnar is the CEO of Source Defense. A 20+ years veteran of executive leadership, deal making, and strategy in the IT/security industry. Dan was most recently the Co-founder & COO of Hysolate, a Team8 company. He also was the CEO of HexaTier (formerly GreenSQL), and led ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-16
FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).
PUBLISHED: 2021-06-16
Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field.
PUBLISHED: 2021-06-16
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" t...
PUBLISHED: 2021-06-16
D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes.
PUBLISHED: 2021-06-16
D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify ...