IT-ISAC, Synack, and BAE Systems recently came together for a presentation on security implications for going back to work during today’s ever-changing environment. Really, how are technology companies building for the future? Learn more by tuning in to the high-level discussion focused on the critical elements of security and what really has changed from a customer vantage point since the pandemic. In this engaging webinar, BAE’S VP of Intelligent Solutions, Peder Jungck shares his first-person account on navigating dynamic, telework practices including additional firewalls, BYOD situations, and secure VPN usage at BAE. Synack’s CEO Jay Kaplan provides an adversarial perspective on where companies are vulnerable and how to leverage security solutions to secure a “socially distanced” workforce. The webinar points out four key categories customers have been paying a lot of attention to during the pandemic as well as some key insights, read on for some of the highlights. 

Since the start of the pandemic, the top three vulnerabilities Synack Red Team researchers  have found include cross site scripting – both non persistent and persistent attacks, authorization and permission only access control issues, and SQL attacks.

Given the fact that more and more organizations’ assets are being exposed publicly outside their firewall, they are recognizing an increased need for compliance on application and network segments that didn’t require certain compliance and regulatory checks. It’s becoming more of a priority.

What are the top four categories of concerns and security implications for organizations and their remote workforce as we plan for a transition for the new future of work?

  • Compliance: Organizations still have compliance concerns such as HIPAA and SOC 2.
  • Vulnerabilities: Top vulnerabilities since the pandemic started include Cross Site Scripting, Non Persistent/Persistent, Authorization/Permission Only Access Control, SQL Injection.
  • COVID-19 Support and Response Apps: At Synack, our researchers are looking at assets that before were not previously tested. Synack has tested these applications for government agencies and healthcare companies. There has been a drastic increase in the number of applications that need to be tested and prioritized related to COVID-19.
  • High Priority Assets: Organizations need to reconsider asset prioritization and interrelation with infrastructure testing. 

To learn more and listen to key insights from BAE Systems,  IT-ISAC and Synack please listen in to the webinar here.

Posted by Charlie