The Security Hazards of Hybrid Work

Today’s cybersecurity challenges are not much different from those of past years, with one twist: the attack surface has shifted dramatically. The pandemic forced us to rethink the IT environment, as most users had no choice but to work remotely over their residential internet services. This abrupt shift left no time to plan connectivity or security, and the result is that every user’s device can become a potential threat. But this is not another discussion about the perils of working from home; it is about how this new paradigm affects the security thought process and what organizations have experienced concerning their security posture under the new normal.

Infoblox recently commissioned a survey to understand the global state of security, including the impact of remote workers. It was completed by over 1,100 IT and cybersecurity decision-makers and influencers across 11 countries. The participants also shed some light on current threats and on the investments they anticipate making to prevent ransomware and other serious security concerns. Unsurprisingly, the report highlights that moving to a remote work environment contributed to an increase in security incidents, including data loss, ransomware and attacks via cloud services. The results are published as a summary of all respondents, as well as multiple regional and country-specific reports.

Reading across the reports, a common set of tools stands out. VPNs took the lion’s share of investment in the past 12 months, but DDI and DNS technologies are growing in popularity: 41% deployed cloud-managed DDI (DNS, DHCP and IP address management) servers as security controls. When hunting down a threat source, 40% relied on network flow data, 39% on DNS queries and 39% on outside threat intelligence services.

Common set of cyber threats

It is also interesting how the countries diverged in the threats or vulnerabilities they were most concerned about for the next 12 months. The examples below show that every region or country faces a common set of cyber threats, but ranks them in a different order of importance:

Data leakage – this was the #1 concern amongst almost all countries surveyed, with an outlier being the US, where “Ransomware” made it to the #1 spot.

Ransomware – this was the #2 concern amongst almost all countries surveyed, with an outlier being the US, where “Data leakage” made it to the #2 spot.

Attack via remote worker connections made it to #3 for almost all countries surveyed, with an outlier in the EMEA roll-up, where “Direct attack through cloud services” made it to #3.

Key findings 

Two years into the pandemic, the lack of adequate resources is more than an inconvenience; it’s an open challenge to bad actors in search of weakened organizations. But chaotic moves made amid the pandemic have also opened the door to new opportunities for more robust security and business continuity. 

Among the study’s key findings:

Surge in remote workers and customers has changed the corporate landscape permanently
Some companies shuttered physical offices for good, and even those still holding on to commercial property understand they must contend with remote staff or hybrid workplaces for the time being. As a result, some moved more applications into the cloud and rely on traditional network security such as VPNs, together with firewalls on corporate-issued mobile devices. For employees using their own equipment, many companies are deploying solutions to monitor and manage DNS, DHCP and IP address management (DDI) services.

New hybrid workforce reality is causing greater concerns with data leakage, ransomware and attacks
Respondents indicated concern about their ability to counter increasingly sophisticated cyberattacks while having limited control over employees and vulnerable third-party partners. The sophistication of state-sponsored malware is also a source of worry for many.

Most participants experienced up to five security incidents that led to at least one breach
Attacks tended to originate from Wi-Fi access points, employee-owned endpoints or the cloud. Phishing was a common conduit for gaining unauthorized entry, hijacking credentials and stealing or locking down data files. These were not minor events either: the study showed that 43% of all organizations surveyed suffered at least US $1 million in direct and indirect losses.

Interest in Secure Access Service Edge (SASE) frameworks is accelerating
As assets, access and security move out of the network core to the edge with the push for virtualization, 54% have already partially or fully implemented SASE and another 28% intend to do so.

Organizations apply controls for on-premises, cloud and hybrid environments, but there is plenty of room for improvement
Roughly two-thirds of all participants were less than very satisfied with their organization’s ability to respond to an actual attack, such as ransomware, using existing solutions. They are also eyeing solutions for hybrid environments more often than on-premises-only or cloud-only versions.

IT security budgets and spending have increased
Many are considering primarily hybrid-oriented solutions that protect assets both on premises and in the cloud, and they are trying a wide variety of solutions, from endpoint and network security to cloud access security brokers, DNS security and threat intelligence services. These findings point to struggles that remain largely unresolved now that dispersed workforces and high churn are commonplace.

Measures taken by organizations

Findings from the global survey illustrate how companies around the world responded to the swift shift to remote work. A majority accelerated their digital transformation, and nearly half increased support for customer portals to foster engagement. To keep up productivity and profits, some organizations added resources to networks and databases and shifted applications to external cloud providers. Many also turned their attention to tighter network and security controls.

What companies chose to do was based largely on their resources, expertise and geography. Some expanded their IT staff; others reduced their ranks or reassigned IT staff. Some unfortunately closed physical offices permanently as a cost-saving measure, while a lucky few continued with business as usual. Taken together, these measures point to the myriad ways enterprises reacted to a radical decentralization, rapidly reallocating resources and restructuring to meet a new way of working.

To protect critical data from the dangers that come with remote employees using a mix of personal and company devices, some organizations expanded their equipment fleets: slightly more than half of respondents placed corporate-owned mobile devices in the hands of remote employees. Just as many added virtual private networks to encrypt traffic over the internet, especially where a remote worker used a public or poorly protected wireless network. These and other measures were designed to equip employees with secured tools to do their jobs under trying circumstances, without destabilizing the organization.

Remote Employees + Weak Wi-Fi Security = Big Trouble

A consequence of a rapid, mass movement to remote work and a ramp-up in consumer digital services is a greater chance of someone or something getting through that shouldn’t. The most successful mode of attack was phishing (58%). Zero-days, among the hardest to defend against, accounted for just under a quarter of all breaches. Overall, more than half of all respondents (53%) experienced up to five IT security incidents in 2021, with another one in five grappling with six to ten events.

These events can shatter confidence in internal capabilities and strain vendor relations if the source of compromise turns out to be a third party. It also becomes harder to marshal adequate defenses if the defenders themselves lack trust in their own abilities.

Fortunately, some preventative measures are working. Forty-nine percent hadn’t experienced a breach from an incident. Thirty-four percent had one or two, and only 2% had more than 10 breaches.

The two most prominent attack vectors in 2021 were Wi-Fi access points and remote, employee-owned endpoints, two areas over which employers have the least control. The impact of breaches was most often outages or downtime, though compromised data was also significant, whether it was manipulated, stolen, exposed, locked down or otherwise restricted. Other malware infections hit almost a third of participants.

Third-party risks were a common theme among respondents. Companies worried that their security measures could prove useless if attackers compromised a trusted supplier or contractor to gain access to sensitive information. The countries covered in the survey traced breaches they experienced back to such things as weak Wi-Fi security and remote endpoints, third-party suppliers and insecure cloud infrastructures and applications.

Current Measures to Counter Threats

The survey also asked about the security controls being implemented. Respondents leaned toward hybrid versions, preferring solutions that protect both on-premises and cloud-based IT models as the workforce becomes more fluid. For instance, while respondents were fairly evenly split between on-premises, cloud-based and hybrid DNS security, there was a clear preference for hybrid versions of data encryption and secure web gateways.

Among the most popular security controls in play:

  • Cloud access security brokers (CASB)
  • Data encryption
  • Data loss prevention
  • DNS security
  • Endpoint detection and response
  • Network security
  • Network traffic monitoring/detection and response
  • Secure provisioning and de-provisioning
  • Secure web gateways
  • VPN and other access control tools

Usage of these solutions varies, with the most popular being DNS security to monitor and manage network traffic and VPNs to control access. Least likely to be adopted were CASB and provisioning tools. Only 10% were very satisfied with their ability to respond to an advanced attack, leaving plenty of opportunity to improve cyber defenses, especially given that more than one in four organizations took longer than 24 hours to investigate a threat. When hunting down a threat source, respondents relied mostly on network flow data (40%), system-specific vulnerability information (39%), DNS queries (39%) and outside threat intelligence services (37%).

Other popular additions were remote employee-owned devices and cloud-managed or internally managed DDI (DNS, DHCP and IP address management) servers (48% each).

DNS – a popular choice

DNS has become a popular component of organizations’ overall security strategies. Almost half used it to help block bad destination requests, thereby reducing the burden on perimeter defenses. The same number gathered intelligence from devices making requests to determine malicious destinations.

DNS was also broadly applied to protect against threats such as DNS tunneling and data exfiltration, domain generation algorithms (DGAs) and spoofed domains, and to detect malware activity earlier in the attack kill chain. In the U.K., easing the burden on perimeter defenses was the leading use: 47% of U.K. organizations reported using DNS to block bad traffic and relieve other perimeter defenses.

Another 38% of U.K. organizations used DNS to protect against threats like DNS tunneling. In France, 47% reported using DNS security enhancements to protect against threats like DNS tunneling, and 45% used them to detect malware activity earlier in the kill chain or to detect devices making requests to malicious destinations.
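The three DNS uses described above (blocking requests to known-bad destinations, spotting tunneling or exfiltration in query patterns, and flagging DGA-style names) can be illustrated on a handful of resolver log lines. The script below is an added example written for this page; it is not Infoblox code and is not drawn from the survey. The log format, the blocklist, the thresholds and the "last two labels" apex rule are all assumptions chosen for the illustration; a production deployment would consult the Public Suffix List, feed the blocklist from threat intelligence, and tune thresholds against its own baseline.

```python
"""Toy DNS-log analysis: blocklist hits, DNS-tunneling heuristics, DGA-style names.

Added illustration for this article, not vendor code. Log format, blocklist,
thresholds and apex handling are assumptions made for the example.
"""
import math
import re
from collections import defaultdict
from statistics import mean

# Constructed sample resolver log (assumed format: "<timestamp> <client> <qtype> <qname>").
# Client 10.0.5.44 hits a blocklisted host, then issues hex-looking TXT queries under one
# apex (tunneling pattern), then resolves consonant-only names (DGA pattern).
SAMPLE_LOG = """\
2021-11-03T09:14:01Z 10.0.5.21 A www.example.com
2021-11-03T09:14:02Z 10.0.5.21 A cdn.example.com
2021-11-03T09:14:05Z 10.0.5.44 A bad-download.example.org
2021-11-03T09:14:06Z 10.0.5.44 TXT 4a6f686e20446f65.2033.c2.example.net
2021-11-03T09:14:07Z 10.0.5.44 TXT 7061737377640d0a.2034.c2.example.net
2021-11-03T09:14:08Z 10.0.5.44 TXT 73656372657473.2035.c2.example.net
2021-11-03T09:14:09Z 10.0.5.44 TXT 6d6f726564617461.2036.c2.example.net
2021-11-03T09:14:10Z 10.0.5.44 TXT 656e646f66646174.2037.c2.example.net
2021-11-03T09:14:11Z 10.0.5.44 TXT 61646174616461.2038.c2.example.net
2021-11-03T09:14:12Z 10.0.5.44 A qxzvkpwrtnmbgh.com
2021-11-03T09:14:13Z 10.0.5.44 A lkjhgfdszxcvbn.net
2021-11-03T09:14:14Z 10.0.5.44 A mnbvcxzlkjhgfd.org
"""

# Constructed blocklist (assumption); in practice fed from threat intelligence.
BLOCKLIST = {"bad-download.example.org"}

VOWELS = set("aeiou")
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_log(text):
    """Parse log lines into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, client, qtype, qname = m.groups()
        records.append({"ts": ts, "client": client, "qtype": qtype.upper(),
                        "qname": qname.rstrip(".").lower()})
    return records


def registered_domain(qname):
    """Apex approximated as the last two labels (assumption; use the PSL in production)."""
    return ".".join(qname.split(".")[-2:])


def is_blocked(qname, blocklist):
    """True if the name itself or any parent domain appears on the blocklist."""
    labels = qname.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def shannon_entropy(s):
    """Bits per character; encoded payloads in labels score higher than words."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_dga(qname, min_len=10, max_vowel_ratio=0.2):
    """Heuristic: a long, nearly vowel-free registrable label suggests a generated name."""
    label = registered_domain(qname).split(".")[0]
    letters = [c for c in label if c.isalpha()]
    if len(letters) < min_len:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < max_vowel_ratio


def analyze(log_text, blocklist=BLOCKLIST, min_names=5, min_prefix_len=20, min_entropy=2.5):
    """Return blocklist hits, DGA-style names and per-(client, apex) tunneling candidates."""
    findings = {"blocked": [], "dga": [], "tunneling": []}
    prefixes_by_apex = defaultdict(set)
    for r in parse_log(log_text):
        if is_blocked(r["qname"], blocklist):
            findings["blocked"].append((r["client"], r["qname"]))
        if looks_dga(r["qname"]):
            findings["dga"].append((r["client"], r["qname"]))
        apex = registered_domain(r["qname"])
        prefix = r["qname"][: -len(apex)].rstrip(".")
        if prefix:
            prefixes_by_apex[(r["client"], apex)].add(prefix)
    # Tunneling: many distinct, long, high-entropy subdomains under one apex from one client.
    for (client, apex), prefixes in prefixes_by_apex.items():
        if len(prefixes) < min_names:
            continue
        avg_len = mean(len(p) for p in prefixes)
        avg_ent = mean(shannon_entropy(p.replace(".", "")) for p in prefixes)
        if avg_len >= min_prefix_len and avg_ent >= min_entropy:
            findings["tunneling"].append((client, apex, len(prefixes)))
    return findings


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        print(kind, hits)
```

The per-apex grouping is what separates tunneling from ordinary traffic: a CDN also produces long labels, but a single client querying many unique, high-entropy names under one apex in a short window is the pattern a tunnel produces. Thresholds such as `min_names` and `min_entropy` are starting points only and will generate false positives on content-hashed hostnames unless tuned against your own baseline.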

In a nod to the ongoing global transition from on-premises to remote or hybrid workforces, almost 40% of respondents planned to purchase a hybrid version of DNS security in the coming year, with another 27% opting for a cloud-only version. In the past 12 months, 40% of respondents had added cloud-managed DDI servers and another 26% installed their own. DDI platforms integrate DNS, DHCP (Dynamic Host Configuration Protocol) and IP address management so enterprises can better monitor these core network components.

(Source : Infoblox.com)
