The global disruption caused by COVID-19 has created a ripple effect across the world. As a result, enterprises are facing more cybersecurity pressure than ever before. With a surge in attack volumes and breaches, and increased sophistication of techniques, these are unprecedented times for the security landscape.
As security teams transform to meet these new challenges, the 2020 VMware Carbon Black Global Threat Report highlights the new threats of our new world.
Amid the global upheaval, security professionals faced new threats and an escalation in attack frequency. With insights from 3,021 CTOs, CIOs and CISOs, the VMware Carbon Black Global Threat Report highlights the impact of COVID-19 and the vulnerabilities it has exposed. The results reinforced much of what we hear anecdotally: the threat landscape is getting tougher, third-party vendors are proving a major liability, and COVID-19 has considerably intensified security threats.
Threat landscape escalates, and the UK bears the full force
We often talk about what keeps security professionals awake at night. If you’re a security professional in the UK, you are not likely to be getting much sleep at all. The UK is bearing the brunt of escalating threats. Almost all survey respondents say attacks have grown in volume. A similar percentage say they are more sophisticated.
Of course, the acid test of the intensity of the threat environment is the number of times attacks succeed. The report found all but two of the 251 UK cybersecurity professionals had suffered at least one breach in the last 12 months. To put this in context, we’ve run this research four times in the UK, and these are the highest figures we’ve ever seen for volumes, sophistication and breach frequency. Proof, if it were still needed, that reliance on network security and perimeter-based defences is not enough; in the case of breaches, it’s no longer a matter of if but when.
Extended enterprise under threat
Once we accept the inevitability of breaches, we can pivot more effectively to hardening defences against the vectors most likely to cause them. Here the research raised two key areas for focus, each requiring a different plan of action.
- OS vulnerabilities: Poor patching hygiene is unacceptable in today’s environment. Yet OS vulnerabilities still led to breaches for 15.5 percent of UK respondents. Firms need to focus on getting on top of patching as a strategic pillar of cyber defence. The key is improving communication between IT operations and SecOps professionals to build an integrated, cross-disciplinary approach.
- Large partner ecosystems, supply chains and third-party applications: These are central to business operations. The UK research showed that island-hopping, in particular, is having a disproportionately large impact, featuring in only six percent of attacks but causing 15 percent of breaches. Add to this the number of breaches caused by third-party applications and supply chain vulnerabilities, and you’re looking at more than one-third of all breaches originating in third parties.
What this confirms is that visibility into the corners of the extended ecosystem is essential; if you can’t see it, you can’t fix it. The threats are there, so hunting them out before they lead to breaches is the only way forward. Behavioural analysis of all those interconnected and exposed endpoints will pick up anomalies. They will show defenders where to look for incidents and where attackers are using third parties to gain access to networks and data.
COVID-19 surge exposes vulnerabilities
Into this intensive, complex threat environment came COVID-19. The UK lockdown went into effect on 26 March, prompting an overnight transition to home-working for UK office-based businesses. It led to unprecedented pressure for IT operations and security teams tackling productivity, security and business continuity. Confirming the hypothesis that disruption and malicious activity go hand-in-hand, 98 percent of our survey respondents in the UK reported an increase in cyberattacks as a result of more employees working from home, with malware at the top of the list. Increased IoT exposure and phishing attacks also added to the list of woes.
It exposed weaknesses in disaster recovery planning, ranging from problems communicating with external parties to managing IT operations. However, the single biggest threat that has emerged in the security arena following the spread of COVID-19 has been the inability to institute multifactor authentication. Well over one-quarter of UK respondents said this proved a major problem when trying to deliver secure remote access for employees.
Building Back Better
Today, perimeter-based defences are ineffective, and threats are rising, especially those originating in third parties. COVID-19 has added to the challenges of overburdened IT operations and security teams. The rapid adaptations that security teams need to make to protect a much more distributed, cloud-based workforce require an approach that makes security intrinsic and enables IT operations and security teams to integrate both strategically and tactically.
The immediate impact of COVID-19 is waning, and the next normal is beginning to emerge. It is a critical point at which companies must revise their approach and respond to the new threat landscape and the flaws exposed by the stresses of responding to the shift to remote working.
It’s time to break down the silos that exist in cybersecurity technologies and approaches. Companies should implement an approach that builds security intrinsically across applications, clouds, and devices. They must bring together IT operations and security teams to tackle new threats and eliminate blind spots. Doing so will deliver better visibility and proactively address vulnerabilities before they become breaches or attacks.
COVID-19 has proved a watershed moment in many ways, prompting reflection and a determination to “build back better”. Collaboration will be fundamental to addressing threats, both old and new, in the new world in which we find ourselves.
VMware Carbon Black is a leader in cloud-native endpoint protection dedicated to keeping the world safe from cyberattacks. The VMware Carbon Black Cloud consolidates endpoint protection and IT operations into an endpoint protection platform (EPP) that prevents advanced threats, provides actionable insight and enables businesses of all sizes to simplify operations. By analysing billions of security events per day across the globe, VMware Carbon Black has key insights into attackers’ behaviours, enabling customers to detect, respond to and stop emerging attacks.
More than 6,000 global customers, including approximately one third of the Fortune 100, trust VMware Carbon Black to protect their organizations from cyberattacks. The company’s partner ecosystem features more than 500 MSSPs, VARs, distributors and technology integrations, as well as many of the world’s leading IR firms, who use VMware Carbon Black’s technology in more than 500 breach investigations per year.