惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Exploit Database - CXSecurity.com
V
Vulnerabilities – Threatpost
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
Webroot Blog
Webroot Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
TaoSecurity Blog
TaoSecurity Blog
I
Intezer
Application and Cybersecurity Blog
Application and Cybersecurity Blog
N
News | PayPal Newsroom
S
Security Affairs
T
Tor Project blog
P
Proofpoint News Feed
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Security @ Cisco Blogs
H
Heimdal Security Blog
Hacker News: Ask HN
Hacker News: Ask HN
Help Net Security
Help Net Security
U
Unit 42
云风的 BLOG
云风的 BLOG
The Hacker News
The Hacker News
Cisco Talos Blog
Cisco Talos Blog
量子位
F
Full Disclosure
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 叶小钗
有赞技术团队
有赞技术团队
T
Troy Hunt's Blog
P
Privacy & Cybersecurity Law Blog
Forbes - Security
Forbes - Security
人人都是产品经理
人人都是产品经理
L
Lohrmann on Cybersecurity
Apple Machine Learning Research
Apple Machine Learning Research
Microsoft Security Blog
Microsoft Security Blog
博客园 - Franky
腾讯CDC
AI
AI
Last Week in AI
Last Week in AI
Latest news
Latest news
Google Online Security Blog
Google Online Security Blog
N
Netflix TechBlog - Medium
Engineering at Meta
Engineering at Meta
GbyAI
GbyAI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
IT之家
IT之家
Martin Fowler
Martin Fowler
Blog — PlanetScale
Blog — PlanetScale
V2EX - 技术
V2EX - 技术
酷 壳 – CoolShell
酷 壳 – CoolShell

MeriTalk

Eliminating Silos in IT/OT Cybersecurity Is a Funding Challenge, Not a Technical One The FedRAMP High Supply Crisis Is a Federal Security Problem – Not a Procurement Footnote How More Tightly Focused Software Development Initiatives Will Unlock Innovation Across Government Transforming Federal Cybersecurity Through Private Sector Innovation Evolving Zero Trust and Embedded AI – Federal Government Cybersecurity Predictions for 2026 Unlocking AI’s Potential in High-Assurance Environments Accelerate Agentic AI in the Federal Government: Top Takeaways Why Congress Must Reauthorize the Technology Modernization Fund Make Cybersecurity a Key Ingredient of Modernization How Spectro Cloud’s PaletteAI Secure helps agencies scale AI securely, compliantly, and confidently Fix the Foundation: How Hybrid Cloud and Trusted Data Enable Government AI New Google Workspace Cost-Saving Offer Available for U.S. Federal Government Reinventing FedRAMP in the Age of AI Balancing Security and Efficiency: The Federal IT Dilemma in the AI Era Meeting Evolving State and Local Cyber Threats AI Is the Solution to Stop AI Data Theft Enhancing U.S. Government Operations with AI and Human-Centered Design How FinOps Can Help Agencies Slash Cloud Costs in 5 Steps Will Quantum Computing Weaken or Strengthen Cybersecurity of Federal Systems? Improving Citizen and Federal Employee Experience with Virtual AI Assistants Strategies for Securing the Federal Supply Chain Reframing the U.S. Government’s Approach to Cybersecurity Oversight Three Steps Agencies Can Take to Meet Government’s AI Requirements The Impact of NIST’s PQC Standardization on the Federal Cybersecurity Ecosystem Generative AI is Revolutionizing Federal Government Operations NIST’s new PQC Algorithms and What They Mean for Federal Agencies Addressing the U.S. Quantum Labor Shortage Before It’s Too Late How a Community Vigil Approach and Secure by Design are Critical to Software Cybersecurity Addressing the Talent Shortage: How Digital Government Improves Satisfaction, Retention Here’s What We Can Learn (and Do) About Cybercrime from FBI’s Latest Internet Crime Report Implementing AI Assurance Safeguards Before OMB’s December Deadline The Next AI Wave: Quantum AI CDM’s Evolution to Non-Traditional Technology: Why Now and How Will it Succeed? Customer Expectations Require Agencies to Raise the Bar on Customer Experience, Report Shows Applying for Government Benefits Shouldn’t Be Difficult When It Comes to Identity Verification Four Federal Software Supply Chain Security Trends to Watch FedRAMP Baseline Transition Points to OSCAL-Native Tools What Zero Trust Means for Modern Government: Best Practices for Key Tenets Four Ways to Handle the IT Funding Crunch Agencies Need to Get Creative to Fill the Cyber Workforce Gap Customer Identity trends report shows control trumps convenience Federal Agencies Making Strides Toward Sustainability and Climate Action Executive Order 14028 | Improving the Nation’s Cybersecurity Depends on Data | All Data is Security Data Applying Geospatial Intelligence, AI/ML to Climate Change Challenge My Cup of IT: Angry at Arthritis, Hunting for Cures How the Federal Government Can Help Combat a Fragmented Internet Accelerating Cybersecurity for US Critical Infrastructure Getting in on the Ground Floor of the ‘New Observability’ Comply-to-Connect is Key to Zero Trust for DoD How Will Upcoming Cryptocurrency Regulations Affect Industry? My Cup of IT: Cup Cake for Kushner? Launching a New Era of Government Cloud Security Managing IT Complexity in Federal Agencies Agencies Must Modernize Zero Trust Approaches to Achieve Optimal Protection Five Essential Metrics for Measuring Federal Government CX Unlocking the Benefits of 5G and Beyond The Federal Factory of the Future: How AI is Transforming Manufacturing The Quantum Impact on Cyber How Next-Gen Computers Will Transform What’s Possible for Federal Government Agencies Must Take an Authentic Approach to Synthetic Data Biometrics and Privacy: Finding the Perfect Middle Ground Two-Way Street: Why Officials and Constituents Are Equally Responsible for Securing the Midterms The “Programmable World” Will Bring the Best of the Virtual World Into the Physical One Cyberattacks are a Common Occurrence and the Costs are Higher Than Ever Increasing Equity Through Data and Customer Experience The AI Edge: Why Edge Computing and AI Strategies Must Be Complementary How Metaverses and Web3 can Reshape Government Four Emerging Technology Trends set to Impact Government Most 5G Enables AI at the Edge Plugging Cyber Holes in Federal Acquisition Resilient Critical Infrastructure Starts with Zero Trust The Evolution of Government Tech Procurement Under CMMC 2.0 Zero Trust Requires Continuous, Tested Security for Federal Agencies How Multi-INT Fusion Accelerates Mission Intelligence for Real-Time Decision Advantage Three Things to Consider for Responsible AI in Government Legislation, White House Orders Show Agencies Opportunity for Hybrid Cloud Creating an Effective Framework for DoD’s Software Factories Realizing Upsides for Digital Security in the Hybrid Workplace A Future With AI and ML: The Power of Workforce Education Five Tips to Begin MFA Integration and Embrace Zero Trust The Vital Intersection Between Equity and Digital Transformation Equity as a Platform: Applying a New Mindset to Scale Innovation Harnessing the Right Data for Evidence-Based Equity From EO to Action: Human Factors of Enabling a Cyber Safety Review Board For Equity in Government Services, It’s Time to Change the Paradigm Critical Questions to Ask When Considering Explainable AI (XAI) for Your Federal Agency The Telework Model for Government: COVID Lessons for Building an Effective Workforce DevSecOps: 4 Steps for Mitigating the Next Cyber Attack in Your Federal IT Environment Better Cyber Hygiene Helps, but Federal Security Needs SASE Lift DoD, Feds Plot Top Cyber, Cloud Priorities for 2022 Cloud-Native Government: How to Transform With Intention DoD and VA Health Networks Face Growing Threat From Medical-Device Vulnerabilities New Federal Cybersecurity Requirements: How Agencies Should Implement a Zero Trust Architecture Protecting Our Nation Through Big Data Analytics Three Ways COVID-19 Altered Federal, State IT Budget Allocations Ransomware is More Than a Cybersecurity Issue From Me to We: Take the Mission Further With Multiparty Systems Anywhere, Everywhere: Integrating Your Virtual Workplace ‘I, Technologist’: Empowering Innovators in the Federal Workforce Mirrored World: Digital Twins Report for Duty Across Government
Five Steps to Protect Your Agency Enterprise When Employees Return
Tamer Baker · 2021-06-29 · via MeriTalk

Many of us are going back to work in person – and this includes the Federal government. The Office of Management and Budget (OMB), Office of Personnel Management (OPM), and General Services Administration (GSA) announced on June 10 that the 25 percent occupancy restriction for Federal offices has been lifted, and agencies will soon be able to increase the number of employees in their physical workplaces.

While much of the focus, and deservedly so, is on ensuring employees and the workspace meet COVID guidelines, there is another area of concern – cybersecurity. The COVID-19 pandemic forced a hurried shift to remote work in 2020 and agencies had to prioritize employee productivity and remote access. While home and public networks, along with cloud-based applications kept everyone working, they also introduced a hidden threat.

As lockdown restrictions lift and offices prepare to reopen, we must now address the risk posed by an influx of new and returning devices that have been operating with reduced IT oversight for an extended period of time.

As we all started working remotely, often this was replaced by consumer-grade routers with limited security controls on home and public networks, and an IT team fully reliant on a handful of endpoint agents (that can break or be disabled) to ensure device hygiene. Extended periods of remote work with infrequent IT oversight and limited network security controls causes device hygiene and security posture to deteriorate. Dubbed “device decay,” this exposes devices to vulnerabilities and threats, and translates into an increased attack surface for malicious actors to target.

As agencies prepare to reopen after months of low office occupancy, devices with degraded security posture can pose a serious risk to agency networks. They provide an entry point for threat actors looking to infiltrate agency networks, exfiltrate sensitive information or wreak havoc on day-to-day operations. This comes at a time of massive increases in cyberattacks, with the FBI alone handling more than 4,000 cybercrime incidents per day, a four-fold jump from pre-pandemic days.

Device decay manifests itself in different ways across different cohorts of devices:

  • Employee agency devices that started with generally good security posture in pre-pandemic days and have degraded over time – broken agents, missing security patches, unauthorized applications, and configuration drift.
  • New devices, often consumer-grade laptops, that got added into the work ecosystem during the pandemic without gold master images, and that never had the same stringent levels of device hygiene.
  • In-office or remote devices that were switched off because they weren’t needed during the work-from-home phase and haven’t been kept up to date with the latest security patches.
  • Always-on IoT and OT devices such as physical security systems, conference room smart TVs and HVAC systems that have remained idled/unused and gone unattended by IT, with potential exposure to vulnerabilities discovered in multiple TCP/IP stacks used by hundreds of vendors and billions of devices. These devices will take a long time to be patched, if they can be patched at all.

The following best practices can fortify agency network defenses to prepare for returning workers and their devices.

  1. Implement real-time inventory procedures. Managing risk starts with a continuous and accurate inventory process. You need to ensure you have full visibility and detailed insight into all devices on your network, and that you’re able to monitor their state and network interactions in real time.
  2. Assess and remediate all connecting devices. Set up a system to inspect all connecting devices, fix security issues, and continuously monitor for potential device hygiene decay. While many users are still out of the office, use this time to get a head start. First check the idled and always-on in-office systems to ensure they have the latest software releases and security patches installed and running. Assess them for vulnerabilities disclosed while they remained dormant. As degraded and non-compliant devices return to the office, initiate remediation workflows in concert with your security and IT systems.
  3. Automate zero trust policy Adapt your zero trust policies to include device hygiene and fix security issues such as broken security agents, unauthorized apps and missing patches before provisioning least privilege access. Segment and contain non-compliant, vulnerable and high-risk devices to limit their access until they’re remediated.
  4. Continuously monitor and track As devices start returning to the office, they are also expected to be away for extended periods. Continuously monitor all devices while they’re on your network, maintain visibility into their state while off-network, and reassess their hygiene after extended absence. Constant vigilance will allow you to adjust your approach based on the volumes and types of devices connecting to your network and the issues/risks that appear over time.
  5. Train/equip staff to help protect your network. Finally, you should ensure that these security measures are properly reflected in official agency policies. Employees should know the basics such as avoiding the use of unauthorized apps and keeping their devices up to date, so they can assist with combating device decay and help maintain high levels of device and network hygiene.

Managing device decay is not a one-time activity. In the new normal, hybrid work practices will be implemented differently by various agencies and will also vary by groups within agencies. What will be constant across all these work practices is that devices will remain away from the office for extended periods before returning/re-connecting and will be prone to device decay during the away-period.