Today’s cybersecurity challenges are not much different from those of past years, with one slight twist – the attack surface has dramatically shifted. The pandemic forced us to rethink our IT environment as most users had no choice but to work remotely, relying on their residential internet services. This dramatic shift didn’t give us any time to plan connectivity or security. The result is that every user’s device can become a potential threat. But this blog is not another discussion about the perils of working from home; it’s about understanding how this new paradigm affects the security thought process and what organizations have experienced concerning their security posture based on this new normal.
We recently commissioned a survey to understand the global state of security, including the impact of remote workers. It was completed with over 1,100 IT and cybersecurity decision-makers and influencers, covering 11 countries. The participants also shed some light on current threats and on anticipated investments designed to prevent ransomware and other serious security concerns. Unsurprisingly, the report highlights that moving to a remote work environment contributed to an increase in security incidents, including data loss, ransomware and attacks via cloud services. The result of the survey is a summary of all respondents, as well as multiple regional/country-specific reports (find them all here).
If you take the time to read all of the reports, you will find a commonality of tools most organizations invested in. VPN took the lion’s share of investments in the past 12 months. However, DDI and DNS technologies are growing in popularity. 41% deployed cloud-managed DDI (DNS, DHCP and IP management) servers as security controls. When hunting down a threat source, 40% relied on network flow data that DDI provides, 39% used DNS queries, and 39% used outside threat intelligence services.
What I also found interesting is how each country diverged in the types of threats or vulnerabilities they were most concerned about in the next 12 months. Here are some examples showing that, while every region/country may face a common set of cyber threats, they may differ in the order of importance:
- Data leakage – this was the #1 concern amongst almost all countries surveyed, with an outlier being the US, where “Ransomware” made it to the #1 spot.
- Ransomware – this was the #2 concern amongst almost all countries surveyed, with an outlier being the US, where “Data leakage” made it to the #2 spot.
- Attack via remote worker connections made it to #3 for almost all countries surveyed, with an outlier in the EMEA roll-up, where “Direct attack through cloud services” made it to #3.
Another interesting finding from comparing each region/country concerns where organizations identified the source of a breach. The following is another sample comparing some of these reports:
- WiFi access point – this was the #1 source of breaches for almost all countries, with an outlier in the EMEA roll-up where Spanish organizations determined that “Other application-based attack” was the #1 source.
- Cloud infrastructure or application – this was the #2 source of breaches for almost all countries, with an outlier in the EMEA roll-up where Spanish organizations determined that “Remote endpoint (employee-owned)” was the #2 source.
43% of respondents pegged the cost of a breach at $1 million or more.
There are many great examples of how organizations respond to the new workforce environment, with many similarities between regions/countries. I encourage you to review the report(s) for your country or region. If you are curious, compare it with other region/country reports to see how similar or different your environment is.