2022 Security Priorities: Staffing and Remote Work

A comprehensive security strategy balances technology, processes, and people — and hiring and retaining security personnel and securing the remote workforce are firmly people priorities.

DARKReading

Almost five months into 2022, acquiring and retaining security personnel and securing the remote workforce are two things top of mind for security leaders.

That’s according to analyst firm Info-Tech Research’s 2022 Security Priorities report, which lays out both the top priorities and the main obstacles for security leaders. The other three top priorities are digital transformation, zero trust, and ransomware. The priority list is strongly influenced by the COVID-19 pandemic, the increase in cybercrime, and the shift to remote work, according to Info-Tech Research.

Nearly a quarter of the respondents (23%) named securing the remote workforce as their top priority for 2022. That includes both implementing security controls to create a secure environment for users and helping employees build “safe habits,” the research firm said.

Source: Info-Tech Research

Pandemic-driven changes like the shift to remote work “are largely expected to remain, regardless of the progression of the pandemic itself,” Info-Tech Research said in its report. This is consistent with Dark Reading’s 2022 Endpoint Security Survey, where 48% of respondents said they made changes to their endpoint security strategy to accommodate the shift to work-from-home in the early days of the pandemic — and 54% don’t plan on shifting back to how things were before the pandemic.

Along with remote workforce security, the other top priority in the people category was hiring skilled cybersecurity professionals and creating a good working environment for existing employees. Retention is very important, as being understaffed means new security initiatives are placed on hold and existing security projects may be delayed. In fact, 31% of respondents cited staffing constraints as their biggest obstacle.

“The pandemic has changed how people work as well as how and where they choose work,” Info-Tech Research found, noting that “Most smart, talented new hires in 2022 are demanding to work remotely most of the time.”

This creates a bit of a tangle for security leaders, who want to attract top talent by giving them the flexible work environment they are asking for, even though the shift to remote work exposes organizations to more costly cyber incidents, according to Info-Tech Research. The cost of a data breach rose by nearly 10% over the past year, to an average of $4.24 million, Info-Tech Research said, citing figures from IBM’s Cost of a Data Breach report. The average cost of breaches where remote work was a factor is $1.07 million higher, suggesting that ubiquitous remote work will continue to produce more costly security incidents.

Part of the reason for the higher costs may be because “it takes two months longer, on average, to detect and contain a breach when more than 50% of staff are working remotely,” the report said, citing IBM.

Security leaders need to reassess the enterprise security strategy to account for the work-from-home attack surface, especially endpoint visibility, and to enforce strong authentication, such as multifactor authentication (hardware tokens for high-risk users) and VPN access for sessions that reach restricted resources.

With remote work, it is even more imperative that security leaders develop a zero trust strategy in order to minimize the blast radius of a breach. Zero trust is itself one of the top security priorities, which we’ll cover next week.

Related news

RHSA-2022:1646: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (python-twisted) security update

An update for python-twisted is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24801: python-twisted: possible http request smuggling

Red Hat Security Advisory 2022-1645-01

Red Hat Security Advisory 2022-1645-01 - Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat servers, mail servers and more. Issues addressed include an HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-1644-01

Red Hat Security Advisory 2022-1644-01 - XML-RPC is a remote procedure call protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-1492-01

Red Hat Security Advisory 2022-1492-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2022-1643-01

Red Hat Security Advisory 2022-1643-01 - XML-RPC is a remote procedure call protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-1436-01

Red Hat Security Advisory 2022-1436-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2022-1437-01

Red Hat Security Advisory 2022-1437-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2022-1439-01

Red Hat Security Advisory 2022-1439-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2022-1438-01

Red Hat Security Advisory 2022-1438-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements.

Red Hat Security Advisory 2022-1435-01

Red Hat Security Advisory 2022-1435-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2022-1642-01

Red Hat Security Advisory 2022-1642-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.

RHSA-2022:1645: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-twisted) security update

An update for python-twisted is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-24801: python-twisted: possible http request smuggling
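Both python-twisted advisories above (RHSA-2022:1645 and RHSA-2022:1646) describe CVE-2022-24801 only as "possible http request smuggling" and say nothing about the parsing detail involved. The following is an added example, not code from Red Hat, the Twisted project, or the advisories, and it does not reproduce the Twisted bug. It shows the generic preconditions that the request-smuggling class depends on: a request whose body length two RFC 7230-conformant parsers could disagree about (both Content-Length and Transfer-Encoding present, conflicting Content-Length values, a Transfer-Encoding whose last coding is not exactly `chunked`, or header names and codings that are not clean tokens). The function names, the `_TOKEN` pattern and the sample requests are all constructed for this example.

```python
"""Generic HTTP/1.1 request-framing ambiguity check (added example).

Not Twisted's parser and not the CVE-2022-24801 fix; it flags the header
conditions under which a front-end and a back-end may disagree on where a
request body ends, which is what request smuggling in general relies on.
"""
import re

# RFC 7230 "token" characters: header names and transfer-coding names must
# consist only of these. Anything else is a sign of a parser-differential probe.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_headers(raw: bytes):
    """Split a raw request into (request_line, [(name, value), ...], findings).

    Only SP and HTAB are trimmed (RFC 7230 OWS); other control characters are
    kept so that later checks can see them. Obsolete line folding is recorded
    as a finding instead of being merged into the previous header.
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1")
    headers, findings = [], []
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            findings.append("obs-fold continuation line")
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            findings.append("header line without ':'")
            continue
        headers.append((name.decode("latin-1"),
                        value.decode("latin-1").strip(" \t")))
    return request_line, headers, findings


def framing_findings(raw: bytes):
    """Return the reasons the message framing is ambiguous (empty if none)."""
    _, headers, findings = parse_headers(raw)
    # Names with surrounding whitespace or non-token characters (e.g.
    # " Content-Length", "Content-Length\x0b") are matched by some servers and
    # ignored by others; flag them before looking at the values.
    for name, _ in headers:
        if not _TOKEN.match(name):
            findings.append(f"non-token header name {name!r}")
    cls = [v for n, v in headers if n.strip().lower() == "content-length"]
    tes = [v for n, v in headers if n.strip().lower() == "transfer-encoding"]
    if cls and tes:
        findings.append("both Content-Length and Transfer-Encoding present")
    if len(set(cls)) > 1:
        findings.append("conflicting Content-Length values")
    for v in cls:
        if not v.isdigit():
            findings.append(f"non-numeric Content-Length {v!r}")
    for v in tes:
        codings = [c.strip(" \t") for c in v.split(",")]
        # Every coding must be a clean token: "xchunked" or "chunked\x0b" are
        # the kind of variants a lenient parser accepts and a strict one rejects.
        for c in codings:
            if not _TOKEN.match(c):
                findings.append(f"non-token transfer-coding {c!r}")
        if not codings or codings[-1].lower() != "chunked":
            findings.append(f"Transfer-Encoding does not end with chunked: {v!r}")
    return findings


def is_ambiguous(raw: bytes) -> bool:
    """True if a strict parser should reject the request outright."""
    return bool(framing_findings(raw))


# Constructed sample requests (not captured traffic).
CLEAN = (b"POST /submit HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 5\r\n\r\nhello")
CL_TE = (b"POST /submit HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 13\r\nTransfer-Encoding: chunked\r\n\r\n"
         b"0\r\n\r\nSMUGGLED")
DUP_CL = (b"POST /submit HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\nContent-Length: 6\r\n\r\nhello!")
OBFUSCATED_TE = (b"POST /submit HTTP/1.1\r\nHost: example.test\r\n"
                 b"Transfer-Encoding: chunked\x0b\r\n\r\n0\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("cl+te", CL_TE),
                       ("dup-cl", DUP_CL), ("obfuscated-te", OBFUSCATED_TE)]:
        print(label, framing_findings(req))
```

The safe policy for a server or proxy is to reject any request with a non-empty findings list with `400 Bad Request` and close the connection, rather than pick one interpretation; the danger in the smuggling class is precisely that two hops pick different ones.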
