Written by Rick McElroy, Principal Cybersecurity Strategist, VMware
It’s time for security teams to switch gears. We’ve reached a pivotal point in the history of cybersecurity where externally generated change has delivered a mandate for the industry to think differently and fundamentally alter our approach. The remote work environment is here to stay, so we need to assimilate what we’ve learned and devise a roadmap that will allow us to proactively protect the anywhere workforce. It’s a once-in-a-generation opportunity, so the question is, where should cybersecurity strategists focus as we set a course for the years ahead?
To answer that question, VMware surveyed more than 3,500 senior cybersecurity professionals to understand the current threat landscape and the impact of the past year. The insights we uncovered show a cybersecurity environment where malicious actors have thrived, and attack volume and sophistication have escalated. As entire industries pivoted to working remotely, breaches were the inevitable result. Here is what we learned, and what we believe security leaders need to do next.
Visibility is (still) everything – prioritise gaining oversight of the distributed network
The anywhere workforce has created a visibility problem. The volume of attacks has increased for three quarters of global organisations, and 78% say they saw more attacks due to increased remote working. However, the true scale of attacks is hard to discern as defenders can’t see into the corners where personal mobile devices and home networks have been grafted on to the corporate ecosystem. On top of this, the risk posed by third party apps and vendors has increased the number of blind spots.
Consequently, cybersecurity teams need contextual oversight and better visibility over data and applications – in fact, 63% of the professionals we surveyed said this was important. A key priority must be gaining visibility into all endpoints and workloads across the newly defined and highly distributed ‘work from anywhere’ network. This network looks and behaves differently to those of the past, so familiarising teams with its quirks and vulnerabilities is critical. Robust situational intelligence is needed so teams understand the context of what they’re looking at and have confidence that they are remediating the risks that matter.
Prepare for ransomware attacks
Familiar TTPs saw a resurgence last year and none more so than ransomware. It was the joint top cause of breaches among the organisations we surveyed, and our threat intelligence unit saw a 900% spike in attacks during the first half of 2020. Attacks have become multi-stage as attackers focus on gaining undetected access to networks, exfiltrating data and establishing back doors, before launching ransom demands.
To tackle this resurgent issue and avoid falling victim to repeated attacks, organisations need a dual approach that combines advanced ransomware protection with robust post-attack remediation to detect the continued presence of adversaries in their environment. This means committing resources to threat-hunting while also hardening the common attack channels, such as email, which remains the most common launch point for ransomware attacks.
Close the gaps in legacy technology and processes
The switch to remote working exposed weaknesses in security technology and processes, which subsequently led to breaches. Organisations that had not yet implemented multi-factor authentication found that remote workers could not securely access corporate networks without introducing significant risk.
Now that remote working has become a permanent feature, security teams have a strong mandate to demand strategic investment to close those gaps between their current security environment and what is now needed to protect the anywhere workforce.
Re-think security and deliver it as a distributed service
The top cause of security breaches among our surveyed organisations was third party applications, underlining the endemic security risk in the extended enterprise ecosystem. This, together with the distributed environment, reinforces the need to rethink security approaches.
Fundamentally, the security problem has changed. While this change has been under way for some time, as demand for mobility and flexibility has fractured the corporate perimeter, the events of the past year have obliterated it entirely. Gone are the days when IT is focused on securing company-owned desktops for employees working on campus, connecting to corporate applications running on servers in a company-owned data centre. Today, remote workers are connecting to applications running on infrastructure that may or may not be managed, owned, or controlled by the company.
With so many new surfaces and different types of environments to defend, endpoint and network controls must be highly adaptable and flexible. This means organisations must deliver security that follows the assets being protected. For the majority, this means turning to the cloud.
Cloud-first security comes with a cautionary note
The shift to a cloud-first security strategy is universal in the drive to secure the cloud-first environment. Nevertheless, this shift brings its own challenges. The cloud is not a security panacea and controls must be vetted by organisations because if adversaries want to attack at scale, the cloud is the place to do it. In fact, cloud-based attacks were the most commonly experienced attack type reported globally. Adversaries are prepared to piggyback on companies’ digital transformation, and it is certain that we’ll see more sophisticated cloud attacks over the coming year.
The last year has shown just how important cybersecurity is to the resilience and continuity of businesses worldwide. With this rise in profile, the industry is in a strong position to take this once-in-a-generation opportunity to move beyond the siloes of legacy approaches and roll out strategies where security is unified, context-centric and intrinsic.
For the data behind the insights, read the full VMware Global Security Insights report here.