Creating a virtual cyber security operations room

Ryan Trost, Co-founder and CTO, ThreatQuotient
4 years ago

Prior to the global health crisis, the most recent survey from Global Workplace Analytics found that only 3.6% of the employee workforce works from home half-time or more. Clearly that percentage is surging as government guidelines mandate people work from home, self-quarantine and use social distancing.

Without the ability to catch up with co-workers in person, go out to lunch or grab a cup of coffee, you might think employees would be more focused. The reality is that most are distracted for a variety of reasons. The situation is evolving quickly, and our email traffic is growing exponentially.

Based on our experience with previous large-scale events tied to an industry or region, opportunistic attacks are to be expected, but the current situation is different. It is global and evolving with no clear end in sight – a new reality we all must navigate for the foreseeable future. Attacks will continue and employees’ mindfulness will erode further.

Security teams are on high alert, having to protect a shifting infrastructure from threat actors looking for low-hanging fruit, yet they too are working remotely. Security Operations Center analysts and Incident Response team members cannot lean across the desk to compare data and analysis or walk down the hall to check in with a threat intel analyst.

And managers of security teams cannot tap an analyst on the shoulder to assign them a task or get an update on an investigation. Despite being geographically dispersed, security analysts and managers must be able to work effectively with team members and across teams.

To improve security operations when everyone is working remotely, organisations need a single, online collaborative environment that fuses together data, evidence and users. At its core is a central repository that contains all the organisation’s global threat data, augmented and enriched with context from internal threat and event data.

Individual team members and different security teams can access the intelligence they need to do their jobs as part of their workflow and can actively share learnings or directly communicate with each other.

Working in the virtual cybersecurity situation room, they can accelerate their understanding of threats and improve collaboration. Should the number of incidents increase as threat actors ramp up campaigns, they can quickly divvy up tasks to focus on blocking and tackling. Rather than conducting investigations in parallel, all team members involved in the investigation process can automatically see the work of others and understand how it affects and can benefit their own work.

Managers of security teams can benefit from this collaborative environment as well. They can oversee investigations remotely, observing the analysis as it unfolds and directing action when and how they need to. With a virtual shoulder tap they can break down and assign tasks to specific individuals, coordinate tasks between teams, and monitor timelines and results.

With online collaboration embedded into security operations, managers can ensure that security analysts, wherever they are physically located, are able to work together efficiently and effectively to accelerate detection and response.

At a time when threat actors are looking for low-hanging fruit and potential weaknesses in our new normal, a virtual cybersecurity situation room lets teams work together using the right data to take the right actions faster and strengthen security posture. Even when their analysts are working from home, security managers can continue to coordinate investigations and remediation.
