Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Stepping Up Cybersecurity This Summer

When summer fully upon us, we in the security profession need to make sure the change in season doesn’t create additional vulnerabilities.  

It’s summertime, and everyone’s on vacation. What could possibly go wrong?

For the security team, the answer is “plenty.” Summer brings a set of new challenges to security organizations including employees taking more time off, often with their corporate laptops. Our own security personnel are taking vacation time, too, which makes staffing the security operations center (SOC) more challenging. More laptops in less secure locations plus less security staff on hand can add up to greater risk.

Thus, with summer fully upon us, we in the security profession need to make sure the change in season doesn’t create additional vulnerabilities.  

With employees traveling, it’s important to address your security posture. Are your assets patched, encrypted and up to date with the latest protection updates as driven by your security posture? If not, can you make this a priority before those assets start traveling to unknown locations in employees’ luggage and carry-on bags?

Within the security organization specifically, have you planned for personnel shortages and coverage while employees take vacation? Do you have contact information for all critical members of the organization and their backups in case a significant incident is discovered? The threat actors in today’s environment recognize that organizations may not be as diligent about monitoring alerts over the summer, and they’ll take advantage of the potential opportunity for increased dwell time. Now is the time to plan and prepare; you may even want to conduct an incident response drill.

In addition to evaluating your organization’s overall security posture and your team’s readiness to handle staffing challenges, the summer gives individuals on your security team the chance to expand their roles and responsibilities. Are there projects that need additional resources? Processes that need to be improved or standardized? The summer is a fantastic time to do an overall evaluation and put in place new challenges and opportunities for security staff members to undertake in the second half of the year.

As you evaluate your security program, think about everything you can do to make progress toward your annual goals. How are you expanding the security visibility in your organization? Do you have access to the data sources you need to confidently detect and respond to threats in your organization? Do you have processes in place to efficiently handle incidents? How have these things changed over the course of the year so far? With half the year already behind you, it’s important to step back and evaluate the overall security posture.

Many of us think of the end-of-year holiday period as a time to address increased risk as well as a time to plan for the future. Summer offers us a similar opportunity. Use this time of year to evaluate the projects, people, technology and processes you’re currently engaged in and to improve your security situation both immediately and in the long term.

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Training & Awareness

Google has announced a new training program for cybersecurity analysts and those who graduate will get a professional certificate from Google.

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.