It’s time for security teams to switch gears. We’ve reached a pivotal point in the history of cybersecurity. Externally generated change has now delivered a mandate for the industry to think differently and fundamentally alter our approach. The remote work environment is here to stay, so we need to assimilate what we’ve learned and devise a roadmap that will allow us to proactively protect the anywhere workforce. It’s a once-in-a-generation opportunity. So the question is, where should cybersecurity strategists focus as we set a course for the years ahead?
To answer that question, VMware surveyed more than 3,500 senior cybersecurity professionals to understand the current threat landscape and the impact of the past year. The insights we uncovered show a cybersecurity environment where malicious actors have thrived, and attack volume and sophistication have escalated. As entire industries pivoted to working remotely, breaches were the inevitable result. Here is what we learned and what we believe security leaders need to do next.
Visibility is (still) everything – prioritise gaining oversight of the distributed network
The anywhere workforce has created a visibility problem. The volume of attacks has increased for three-quarters of global organisations. 78% say they saw more attacks due to increased remote working. However, the true scale of attacks is hard to discern. This is because defenders can’t see into the corners where personal mobile devices and home networks have been grafted on to the corporate ecosystem. On top of this, the risk posed by third-party apps and vendors has increased the number of blind spots.
Consequently, cybersecurity teams need contextual oversight and better visibility over data and applications. 63% of the professionals we surveyed said this was important. A key priority must be gaining visibility into all endpoints and workloads across the newly defined and highly distributed ‘work from anywhere’ network. This network looks and behaves differently from those of the past. It means familiarising teams with its quirks and vulnerabilities is critical and robust situational intelligence is needed. It gives teams an understanding of the context of what they’re looking at and have confidence that they are remediating the risks that matter.
Prepare for ransomware attacks
Familiar TTPs saw a resurgence last year and none more so than ransomware. It was the joint top cause of breaches among the organisations we surveyed. Our threat intelligence unit saw a 900% spike in attacks during the first half of 2020. Attacks have become multi-stage as attackers focus on gaining undetected access to networks, exfiltrating data and establishing back doors before launching ransom demands.
To tackle this resurgent issue and avoid falling victim to repeated attacks, organisations need a dual approach. It should combine advanced ransomware protection with robust post-attack remediation to detect the continued presence of adversaries in their environment. It means committing resources to threat-hunting while also hardening the common attack channels, such as email, which remains the most common launch point for ransomware attacks.
Close the gaps in legacy technology and processes
The switch to remote working exposed weaknesses in security technology and processes, which subsequently led to breaches. Organisations that had not yet implemented multi-factor authentication found that remote workers could not securely access corporate networks without introducing significant risk.
Remote working has become a permanent feature. It means security teams have a strong mandate to demand strategic investment to close those gaps between their current security environment and what is now needed to protect the anywhere workforce.
Re-think security and deliver it as a distributed service
The top cause of security breaches among our surveyed organisations was third party applications. It underlines the endemic security risk in the extended enterprise ecosystem. Together with the distributed environment, it reinforces the need to rethink security approaches.
Fundamentally, the security problem has changed and this change has been underway for some time. The demand for mobility and flexibility has fractured the corporate perimeter, and the events of the past year have obliterated it entirely. Gone are the days when IT is focused on securing company-owned desktops for employees working on campus, connecting to corporate applications running on servers in a company-owned data centre. Today, remote workers connect to applications running on infrastructure that may or may not be managed, owned, or controlled by the company.
There are many new surfaces and different types of environments to defend. It means endpoint and network controls must be highly adaptable and flexible. This means organisations must deliver security that follows the assets being protected. For the majority, this means turning to the cloud.
Cloud-first security comes with a cautionary note
The shift to a cloud-first security strategy is universal in the drive to secure the cloud-first environment. Nevertheless, this shift brings its own challenges. The cloud is not a security panacea. Organisations must vet controls because if adversaries want to attack at scale, the cloud is the place to do it. Cloud-based attacks were the most commonly experienced attack type reported globally. Adversaries are prepared to piggyback on companies’ digital transformation, and we’ll certainly see more sophisticated cloud attacks over the coming year.
The last year has shown just how important cybersecurity is to the resilience and continuity of businesses worldwide. With this rise in profile, the industry is in a strong position to take this once-in-a-generation opportunity to move beyond the siloes of legacy approaches and roll-out strategies where security is unified, context-centric and intrinsic.
For the data behind the insights, read the full VMware Global Security Insights report here.
VMware Carbon Black is a leader in cloud-native endpoint protection dedicated to keeping the world safe from cyberattacks. The VMware Carbon Black Cloud consolidates endpoint protection and IT operations into an endpoint protection platform (EPP) that prevents advanced threats, provides actionable insight and enables businesses of all sizes to simplify operations. By analysing billions of security events per day across the globe, VMware Carbon Black has key insights into attackers’ behaviours, enabling customers to detect, respond to and stop emerging attacks.
More than 6,000 global customers, including approximately one-third of the Fortune 100, trust VMware Carbon Black to protect their organizations from cyberattacks. The company’s partner ecosystem features more than 500 MSSPs, VARs, distributors and technology integrations, as well as many of the world’s leading IR firms, who use VMware Carbon Black’s technology in more than 500 breach investigations per year.
