Get to know your personal threat landscape

The mass migration to working from home that happened almost overnight at the onset of the pandemic in 2020 has blended with a partial return to the office for many people and resulted in a hybrid working model in 2021. The result is a significantly increased workload for a lot of IT security teams as they look to protect an ever more distributed workforce and navigate continuing uncertainties and policy changes.

To avoid business operations being interrupted, employees need to access key systems and resources from anywhere, potentially on any device. Shadow IT is also a much larger consideration in the current environment, as people look for quick solutions without the IT team on hand to approve the use of new software, services, applications or devices, or to onboard them into governance and control processes and technologies.

This has created a heightened risk in itself, and it comes against a backdrop of ongoing innovation by criminals keen to take advantage of the current situation. The net result is a wide – and almost impossible – remit for the infosec team.

With that in mind, the biggest takeaway from 2021 is that resources and energy need to be focused on integrating the tools and data available to identify where the risks are. This makes it critical that each organisation truly understands its own landscape, the specific threats it faces, where these are coming from and the vulnerabilities being attacked. It is also essential that teams work together to pool resources and knowledge, rather than acting in silos. The more information to hand, the better when dealing with today’s threats.

Investigations to pinpoint risk

Security teams should be using all the data at their disposal to understand their risk posture. Several sources are useful: a configuration management database (CMDB) used with next-generation extended detection and response (XDR) to provide details of who is logging in, from where and to which applications; lists of vulnerabilities present in the estate; reports on how well controls are running; and so on. However, determining how likely a threat is to occur requires these sources to be combined and applied to the risk in question.

Pooling data into key risk…