For most enterprises, it’s now been approximately one year of working from home, and as the pandemic evolved during that time, so did the cybersecurity threat landscape. People quickly adapted to the new norm of donning masks and sanitizing with vigor, but based on a recent poll, we found that cybersecurity hygiene has been a little more lacking. As you gradually prepare to head back to the office or are supporting a hybrid workforce, we’ve gathered fresh stats on existing and evolving cybersecurity considerations.
Frequent Illumio blog readers will know that our rallying cry is “assume breach.” By that, we mean that it’s not a question of if but when a bad actor will break through an organization’s network defenses. Do a quick online search of “SolarWinds” or “Microsoft Exchange” and discover that, weeks later, these attacks have a ripple effect on the global economy—and both led to emergency meetings of the White House National Security Council. These breaches affected tens of thousands of organizations.
We asked: Since working from home, has your personal approach to cybersecurity changed at all?
Our poll, conducted on Twitter, found that 35.8 percent of individuals are currently unconcerned about their personal approach to cybersecurity – even with the increased media spotlight on these ransomware and third-party breaches.
What’s more, and unsurprisingly, 43 percent of enterprises are still using VPNs to keep ransomware attacks at bay, and 28.3 percent are using firewalls.
“So what?” you may ask. No one should rely solely on VPNs for visibility into the remote workforce, and you can’t always count on employees to actually use the VPN. Work devices on local networks are vulnerable to ransomware that employees can bring back to the office. And preventing the lateral movement of ransomware requires granular segmentation and control – network firewalls don’t cut it.
It’s not all doom and gloom, however!
Our poll also found that 31.8 percent of organizations have made Zero Trust a priority in the past year—as 37.1 percent noted that external attacks are their biggest organizational security concern (with insider threats and credential dumping close behind).
With 42.1 percent of organizations anticipating a hybrid work model – with a split between at-home and in-office employees – we’ll underscore it again: you can’t prevent a breach, but you can be prepared to stop the spread of lateral movement by adopting a Zero Trust approach. This reality furthers the need to look beyond VPNs and firewalls to keep ransomware and cyberattacks at bay. Micro-segmentation is foundational to Zero Trust and helps enterprises prepare for breach. Remember, it takes just one entry point for ransomware or bad actors to gain access to an insecure network. When perimeter defenses fail, and they will, enterprises require a robust internal defense system to stop attackers and weather the storm.
Learn more about how organizations are accounting for security risks that came out of the COVID-19 era – and get more insights on what you should be doing – in the report, Security Risks 2021: Ransomware and the Return to the Office.