“We simply need to make our position unassailable.”
Alissa Knight is a recovering hacker, serial entrepreneur, author and thought leader. She currently acts as group CEO of the managed security service provider Brier & Thorn, a partner at Knight Ink, and as principal analyst at Alissa Knight & Associates.
When the pandemic struck, Knight guided many of her clients through the new security challenges opened up by COVID-19 and the mass mandate to Work From Home (WFH).
Here’s what Knight experienced, saw and learned.
COVID and WFH open new vulnerabilities
As businesses shut down and workers were sent home, Knight began to worry.
During this transition the attack surface increased exponentially and became a massive soft target.
The world had just created an economy of people working from home without effective security controls, and without the personal cybersecurity budgets needed to layer defenses over their home devices.
Knight saw malicious actors take advantage of the situation. The number of incident response engagements at Brier & Thorn have nearly doubled since the pandemic began. And she has seen adversaries adapt their attacks to better target the remote workforce through more sophisticated Mac-based threats and social engineer attacks.
For Knight, organizations can take a few steps to secure their new distributed environments.
Knight’s advice: The biggest security challenges to solve
Knight believes the biggest problem organizations now face is a lack of visibility into their asset environment, combined with the inability to perform vulnerability and patch management.
Knight notes that most of her successful penetration tests have involved hacking assets that companies did not know they had, and that nearly all successful hacks in history have involved a malicious actor exploiting a known, patchable vulnerability.
For Knight, re-establishing visibility and control must come first.
To dive deeper into Knight’s story, and to learn more about what happened when the world stayed home, visit world-at-home.tanium.com.