By: Mohammad Jamal Tabbara, Senior Solutions Architect, Infoblox

IT departments are suffering from a chronic lack of cyber skills. The IT industry is the fastest evolving industry out there with a myriad of various different technologies and solutions. A subject matter expert today could be completely out of the loop the next. It’s not enough to be a technically well-rounded IT professional, but must also understand the business needs and objectives. It is very difficult to find talent that can have all of those qualities. If you do find any, make sure you do everything you can to keep them.

There are currently limited skills in the market which can be attributed to the actual lack of manpower. A lot of companies have one or two technical resources that are certified on three or four different technologies. This puts a strain on resources and compromises the level of service.

Engineers are mostly motivated by knowledge and technical development. Hire less number of people but make sure you continuously develop and do everything you can to retain them. You will notice an immediate and positive impact to your business. I think it is important for companies to keep abreast of which emerging technologies are likely to necessitate a future skill set need among their employees and then facilitate training programmes to get their employees the skills they will need down the road.  The biggest barrier to training is time constraints as training programs tend to be quite time consuming. A lot of these training programs also seem to be extremely heavy on content which can lead to information overload. Training programs need to be simplistic and to the point.

It’s true, there isn’t a lot of talent if one looks on the surface. Don’t just judge a book by its cover. Whether it’s a negative or positive judgement for that matter. I often get asked to provide feedback on whether a candidate is ‘good enough’ to hire. If that’s the approach you should stop hiring and change your approach all together. Would you want a ‘good enough’ boss or a ‘good enough’ engineer implementing the solution you’ve just spent several hundred thousand dollars on? Chances are every one of you will say no to all of the above. Qualities such as teamwork, integrity and emotional intelligence are absolutely key when making a hire and they shouldn’t be binary. But the one area that I believe employers should pay very close attention to is the appetite of that individual to learn and to be coached. Finally, when you get someone good, hire them, take time to understand them and invest in them.

Some organizations are mitigating talent shortage by casting the net wider and recruiting talent from markets outside the region. In addition to casting the net wider, there are a number of highly experienced agencies that specialize in IT recruitment that we would advise CIOs to get in touch with. 

We believe that the best talent wants to work for the best companies. While offering an attractive compensation package is important, it is equally important to have a really strong culture – one in which employees are more than just a number and where there is a strong emphasis on having “fun”.

Multi-million dollar investment in new Accenture ServiceNow Business Group will accelerate and expand delivery of mission-critical digital workflow solutions

Accenture (NYSE: ACN) and ServiceNow (NYSE: NOW) have formed a new business group to help private and public sector clients accelerate their digital transformation and better address today’s dynamic operational challenges. The Accenture ServiceNow Business Group represents a significant multi-million dollar investment from both companies over the next five years.

In the COVID-19 era, organizations are under more pressure than ever to innovate faster, reduce costs, enhance productivity, and meet their customers’ needs. The Accenture ServiceNow Business Group will help organizations rapidly evolve organizational processes and unlock the full value of technology investments by adopting digital workflows that deliver modern, personalized customer and employee experiences. This includes empowering employees and customers with self-service and remote work programs that offer increased flexibility, mobility, and choice. By establishing a more modern workplace with platform-driven, technology-enabled workflows, organizations are better positioned to balance business needs, satisfy customer demands, drive employee engagement, deliver productivity expectations, and realize workplace cost optimization.

“By further strengthening our strategic alliance with ServiceNow, we will enable our clients to more quickly embrace change,” said Julie Sweet, chief executive officer, Accenture. “With a move to the cloud, they can reimagine their operations, reskill their employees, and become more sustainable. Working together with ServiceNow to automate complex processes and create better experiences across industries, we will help organizations deliver greater 360-degree value that benefits all — their customers, people, shareholders, partners, and communities.”

ServiceNow CEO Bill McDermott said: “Leaders in every organization know that their 20^th century technologies are too slow, too siloed, too stuck in the status quo to meet the dynamic digital demands of employees and customers today. Speed, agility, and resilience are what’s needed now. Our ServiceNow and Accenture partnership brings together world-class teams, expertise, and our modern workflow platform to accelerate every organization’s digital transformation. The Accenture ServiceNow Business Group will help every organization become a 21^st century digital business.”

The Accenture ServiceNow Business Group will deliver industry- and domain-specific solutions and services to customers. Together, Accenture and ServiceNow will initially help accelerate digital transformation programs for customers in telecommunications, financial services, government, manufacturing, healthcare, and life sciences. Workflow innovation will focus on employee engagement, customer service and operations, artificial intelligence for IT operations, and security and risk. Additional industry solutions will be developed in the future.

Supported by approximately 8,500 Accenture people skilled in ServiceNow, the new group brings together dedicated professionals from both organizations with expertise in transformational workflow and platform development, marketing, sales, and business development across numerous priority industries. The business group will develop advanced industry and domain-focused solutions designed to deliver tangible, positive outcomes for clients at scale.

For example, Boehringer Ingelheim, a leading, research-driven pharmaceutical company with more than 51,000 employees and an Accenture and ServiceNow customer, uses ServiceNow’s technology and Accenture services to create a seamless, consumer-grade experience for global employees and customers.

“Our work with Accenture and ServiceNow has strategically fueled our innovation power. By optimizing our global employee experience, we’ve made our work processes across business functions faster and more efficient, ultimately driving better patient outcomes,” said Andreas Henrich, corporate vice president of IT Enterprise Data Services at Boehringer Ingelheim. “We’ve reduced complexity across our disparate bespoke systems and, in doing so, have transformed our business for growth.”

Accenture’s use of ServiceNow is a strategic enabler of customer-facing innovation at scale and, as a ServiceNow customer, the company uses ServiceNow workflows for employee engagement, invoice processing, asset management, artificial intelligence for IT operations, and its universal service desk. Accenture recently made the Now Mobile app available to its more than 500,000 people.

As a ServiceNow Global Elite Partner, Accenture is one of ServiceNow’s largest global go-to-market partners and winner of its Global Partner of the Year award in 2020. For more information on the Accenture ServiceNow Business Group, visit:

• https://www.accenture.com/us-en/services/alliances/servicenow?src=SOMS
• https://www.servicenow.com/partners/accenture.html

Comcast Business joins forces with Aruba to provide enterprise employees a secure, reliable, dedicated connection to their corporate networks – without competing for in-home bandwidth

Comcast Business today announced it is joining forces with  Aruba, a Hewlett Packard Enterprise company, for the launch of Comcast Business Teleworker  VPN. The new solution is specifically engineered to help enterprises provide their rapidly expanding remote workforces with the same secure, reliable high-performance connection to their corporate network that they have when physically in their office.

According to a study from Nemertes Research, the COVID-19 pandemic has prompted new ways of working, while triggering companies to be faster, more flexible and agile than ever before. As a result, enterprises – including those that otherwise would not have enabled employees to work from home – are increasingly adopting remote work initiatives, with 70% planning to continue their teleworking strategies. Yet, 30% of organizations struggle with providing the setup, security policies and management of remote connections, thus hindering employee productivity, upping IT workloads and increasing vulnerability to cyberattacks.

“The workplace as we knew it changed quickly, dramatically, and permanently in 2020 – and gone are the days where remote employees can serve as a blind spot for IT departments,” said John Burke, Principal Analyst, Nemertes Research. “Now that the home office is the office, IT must ensure applications and connectivity are secure and performing at the same level as in-office services – without that, there will be major ramifications and increased business risk.”

Setting remote workers up for success

Comcast Business Teleworker VPN offers a centrally managed remote access VPN solution that enables enterprises to provide employees the same access to their corporate network that they enjoy in the office, remotely. When combined with Comcast Business’s Teleworker Broadband solution, Comcast Business Teleworker VPN provides employees a secure, reliable connection to primary business systems, applications and files – all backed by the nation’s largest gig-speed network. This combination provides employees a dedicated, independent internet connection that does not interfere or compete with their athome internet – freeing up home bandwidth for remote learning, entertainment and more.

Comcast Business Teleworker VPN is powered by Aruba ESP, an enterprise-class, cloud-native platform which is centrally managed by Aruba Central’s single cloud console. When combined with Comcast’s Managed VPN Aggregator service at a business location, enterprises can securely connect home-based devices, including laptops, desktops, VoIP phones, printers and more to the corporate network, enabling them to:

• Reduce the burden on IT with simple, centralized cloud management and optimization that
• detects and dynamically resolves network issues
• 24/7 support provided by Comcast supplements an organization’s IT teams
• Maintain security with policy-based access control and traffic segmentation which can mirror the security settings in effect at the applicable business location
• Enable a hybrid work environment by maintaining a consistent experience between home and office locations

“Though the number of people working partially or fully remote has been on the rise for years now, the pandemic has truly sent this trend into hyperdrive,” said Christian Nascimento, Vice President of Product Management, Comcast Business. “Comcast Business Teleworker VPN enables enterprises to reimagine the work from home experience for both employer and employee alike, all while maintaining the security, performance and management they enjoy in-office. This new solution is just one more example of how we are helping businesses be more agile in response to the changing needs of today’s rapidly evolving workforce.”

“Work-from-home solutions require enterprise-class security and performance, with consumer-class ease of use,” said Michael Dickman, Senior Vice President of Product Management at Aruba, a Hewlett Packard Enterprise company. “Aruba ESP delivers on both fronts with secure policy-driven access to the full spectrum of corporate services, in a form factor perfect for home that is simple to use with plug-and-play installation. The new Comcast Business Teleworker VPN offering is a fantastic solution for organizations as they help their remote workers be efficient, creative and productive when connecting to corporate services from any location at any time.”

To learn more about Comcast Business Teleworker VPN and other remote work solutions, please visit:

https://business.comcast.com/enterprise/products-services/managed-services/managed-connectivity

By Derek Manky, Derek Manky, Chief, Security Insights & Global Threat Alliances, FortiGuard Labs

It may feel too simplistic to be talking about cyber hygiene with CISOs. But in my years as a threat researcher, and now running a global team of threat researchers, data analysts, and forensics experts, I can say authoritatively that the lack of consistent cyber hygiene is the largest and most persistent threat inside most organizations. And the risk continues to grow as organizations continue to grow their networks and expand their attack surfaces without a holistic security architecture or management system in place.

The concept of cyber hygiene is a deceptively simple one: It involves a series of practices and precautions that, when repeated regularly, keep us safe and our devices working as they should. But that’s easier said than done with distributed networks, IoT everywhere, the adoption of multi-cloud infrastructures, and a growing reliance on SaaS application usage. Add the convergence of IT and OT, and the number of aging devices that cannot be taken offline because they monitor or manage critical systems 24×7, and the risks are greater, and the table stakes are higher, than ever before.

Keeping Remote Workers Safe

One of the most critical places on which to focus cyber hygiene efforts is remote workers. The rapid growth in a mobile workforce and their reliance on personal devices and home networks is just the latest example of the challenges that IT teams face. Unfortunately, enforcing cyber hygiene for remote workers seems to be low on the list for overworked IT teams – somewhere below keeping the business up and running and ensuring access to business applications and essential resources. 

Of course, the challenge is that employees working from home are using unsecured personal devices, from laptops to smartphones to tablets, to stay connected during the workday. And these devices, attached to weaker and far more vulnerable home networks, have created the perfect platform from which cyber criminals can launch attacks on enterprise data. 

Over the past several months, cybercriminals have combined social engineering tactics that exploit fears about the Covid-19 pandemic with older exploits targeting unpatched vulnerabilities found in devices deployed in many home networks. They have also modified their strategies, switching from email-based attacks, which many remote users have been trained to avoid, to new browser-based attack vectors. And once the corporate network has been breached, cybercriminals are delivering new, more malicious strains of ransomware and other malware.

Adapting to the Post-Pandemic Threat Landscape

While 2020 is currently on track to break the record for the number of vulnerabilities identified and published in a single year, these vulnerabilities also have the lowest rate of exploitation ever observed in the 20-year history of the CVE (Common Vulnerabilities and Exposures) list. Instead, vulnerabilities from 2018 have claimed the highest exploitation prevalence (65%). And more than 25% of firms have reported attempts to exploit CVEs from 2005. At the same time, exploits targeting consumer-grade routers and IoT devices have been among FortiGuard Labs’ top IPS detections according to our research. While some of these target newer vulnerabilities, a staggering volume have targeted exploits first discovered in 2014. 

The critical lesson is this: Do not assume that older vulnerabilities, including those more than 15 years old, cannot cause problems.  

What these trends show is that cybercriminals are extremely agile. Within days of seeing that companies were switching workers to remote status, the dark web was filled with phishing exploits targeting novice workers. Within weeks, threat sensors saw a dramatic drop off in threats targeting corporate resources and a corresponding spike in new attacks targeting consumer-grade routers, personal devices, gaming systems, and other devices connected to home networks. Cybercriminals are clearly more than willing to put in the work to find vulnerabilities that still exist within home networks that can then be used to enter the corporate network. 

Of course, many of these attacks are based on the same bad tricks these criminals have relied upon for years simply because they work. With this in mind, organizations must do two things. First, act swiftly to inform employees about cyber hygiene practices. And second, prepare them and their defenses to repel traditional threats like phishing scams and ransomware attacks, as well as new browser-based web attacks, especially as they continue to work remotely. Hosting video conferences to spread cybersecurity awareness across all arms of the business, sending out regular email updates, and urging employees to keep an eye out for unusual or suspicious emails and webpages are just a few examples of the initial steps to take.  

Top 10 Cyber Hygiene Tips to Employ Right Now

Thankfully, despite the continued prevalence of ransomware and the spike in HTML/phishing attacks, there are a number of simple steps organizations and their employees can take to build a stronger barrier against threats. Some of these steps are as simple as creating stronger passwords and performing regular software and application updates. Others may require the addition of newer, more advanced endpoint security software.

It’s also important to note that certain types of business resources are at particularly high-risk for attacks in the current climate. These include financial systems, customer support systems, and research and development resources. Extra measures and precautions may need to be taken beyond the steps outlined below to protect these sensitive, high-priority assets. 

Ensure all employees receive substantial training, both when hired and periodically throughout their tenure, on how to spot and report suspicious cyber activity, maintain cyber hygiene, and now, on how to secure their personal devices and home networks. By educating individuals, especially remote workers, on how to maintain cyber distance, stay wary of suspicious requests, and implement basic security tools and protocols, CISOs can build a baseline of defense at the most vulnerable edge of their network that can help keep critical digital resources secure. This can involve online learning and workshops with experts.

Run background checks before designating power users or granting privileged access to sensitive digital resources. By taking this extra step, organizations can make informed decisions that will inherently mitigate the risks associated with insider threats. 

Keep all servers, workstations, smartphones, and other devices used by employees up to date by applying frequent security updates. Ideally, this process should be automated, and enough time allowed for updates to be vetted in a testing environment. Proximity controls, such as cloud-based access controls and secure web gateways, can help secure those remote devices that cannot be updated or patched.

Install anti-malware software to stop a large majority of attacks, including phishing scams and attempts to exploit known vulnerabilities. Try to invest in tools that offer sandboxing functionality (whether as part of an installed security package or as a cloud-based service) to detect Zero-Day and other unknown threats. New Endpoint Detection and Response (EDR) tools should be on every CISO’s shopping list as they are not only very effective at not only repelling malware but can also identify and disable malware that manages to bypass perimeter controls before they can execute their payloads.

Ensure an incident response/recovery plan is in place, including a hotline through which employees can promptly report a suspected breach, even when they are working from home. This way, in the event of an attack, downtime will be minimized, and employees will already be familiar with critical next steps. 

Use secure access points, whether physical or cloud-based, and create a secured and segmented network for employees to utilize when connecting remotely. VPNs allow organizations to extend the private network across public Wi-Fi using an encrypted virtual point-to-point connection; this both enables and maintains secure remote access to corporate resources. And a zero trust network access strategy that includes NAC and network segmentation should also be in place.

Implement a strong access management policy, requiring multi-factor authentication when possible and maintaining strict standards for password creation. Employees should not be allowed to reuse passwords across networks or applications, whether corporate or personal, and should be encouraged to set complex passwords with various numbers and special characters. Consider providing password management software so they can keep track of passwords.

Encrypt data in motion, in use, and at rest. However, VPN and other encrypted tunnels can also be used to securely inject malware and exfiltrate data. Which means that organizations need to invest in technologies that can inspect encrypted data at business speeds as well as monitor data access, file transfers, and other significant activity. 

For security solutions to be as agile as the networks they need to protect (and the cybercriminals they need to defend against), they need actionable updates to keep pace with the shifting threat landscape. This means that even the fastest and most adaptable security solutions are only as effective as the threat intelligence infrastructure and researchers that support them.

Keeping up with the speed and volume of attacks can scale well beyond the limitations of human security analysts. As a result, machine learning and AI-driven security operations are no longer optional. They enable organizations to see and protect data and applications across thousands or millions of users, systems, devices, and critical applications—even across different network environments, such as multi-cloud, and the full range of network edges, including LAN, WAN, data center, cloud, and remote worker edges.

Final Thoughts on Good Cyber Hygiene

In the wake of COVID-19, CISOs have been faced with a seemingly impossible task: Keep enterprise networks secure while employees continue to work from home, perhaps indefinitely. And they have needed to do so on a limited budget, fewer resources, and a team of security professionals that’s already stretched thin. The solution? Enact an organization-wide cyber hygiene protocol, building the remote network security infrastructure from the ground up. 

By focusing on training, awareness, and education, employees will be better able to perform basic security tasks such as updating devices, identifying suspicious behaviors, and practicing good cyber hygiene across teams. After that, it is essential that organizations invest in the right systems and solutions – from VPNs to anti-malware software and encryption technologies – that enable clear visibility and granular control across the entire threat landscape. Complexity is the enemy of security, so the best response to an increasingly complicated and highly dynamic digital world is to get back to the basics. And that starts with cyber hygiene.