Trustwave 2021 Network Security Report Shows How Threats Have Evolved in a Remote Workforce World
June 2021 by Trustwave
The COVID-19 pandemic created enormous challenges for businesses worldwide – and cybersecurity challenges were prominent among them. Employees transitioning to working from home created new vulnerabilities in network systems designed for a centralized, in-office workforce. As a result, cybercriminal activity spiked as bad actors hastened to take advantage of the situation, and malware attacks and other network security threats increased.
To give organizations a better view of how the network security landscape has evolved, Trustwave SpiderLabs utilized its internal and external network vulnerability scanning systems and threat intelligence to provide insights into which threats were most pervasive. They compiled their findings in the 2021 Network Security Report.
We sat down with Prutha Parikh, Senior Security Research Manager, Trustwave SpiderLabs, to discuss some of the key trends from the 2021 Network Security Report in more depth.
How has the remote work environment changed the required approach to network security?
With the move to remote work, we saw a sudden surge in the use of personal devices accessing corporate networks while being connected to home Wi-Fi networks. These home networks can be largely unsecured, making them a primary target for attackers looking for a point of access.
Enterprise-level security solutions do not guard systems on home networks. Home networks typically use obsolete software and are not regularly patched, making them much more appealing to cybercriminals. This shift to home network utilization has exponentially expanded the edges of corporate networks, requiring organizations to adapt their protections. In our research, we noticed an uptick in VPN and video conferencing tool vulnerabilities – along with insecure, open access to remote access tools and external services directly accessible over the Internet.
SolarWinds has put supply chain security in the spotlight. What’s the big network security takeaway from that security incident?
Organizations should always take a holistic approach to security. The SolarWinds supply chain attack showed that a well-rounded defense-in-depth approach to detection and response is critical when prevention fails. From a network security best practices standpoint, the SolarWinds compromise shouldn’t deter organizations from installing patches from suppliers.
As mentioned in the 2021 Network Security Report, having an up-to-date asset inventory, continuously monitoring the network for known vulnerabilities, and ensuring systems have the latest patches installed should remain an integral part of an organization’s holistic security program.
VPNs have received some negative press in the past few months and have been at the root of some high-profile system compromises. What makes them so dangerous if compromised? What VPN best practices do companies need to ensure they’re following to ensure security?
VPNs were designed a couple of decades back to create and expand “trusted on-premises networks”. Organizations traditionally used them to provide remote users with a secure channel for communication into corporate networks. They were not built for today’s modern complex ecosystems and multi-cloud infrastructures.
VPNs take what we call a “perimeter-based” approach to security – trusted users on the inside and untrusted users on the outside. This approach was somewhat sufficient pre-pandemic with firewalls and other security solutions protecting office workers.
But when the dramatic shift to remote work happened a year ago, it highlighted some of the challenges that came with this perimeter-based model of security that VPNs relied on. Employees were connecting into corporate networks from multiple locations, sometimes through bring-your-own-device (BYOD) and unmanaged devices while on their home networks. This decentralized workforce created a very large enterprise attack surface for VPN solutions. The access-to-all-or-nothing motto is the reason a VPN compromise can be extremely dangerous. Once an attacker is on the corporate network, they have access to everything. So when an attack occurs, the damage could be significant.
The move to multi-cloud solutions makes “Zero-Trust” solutions a more secure alternative to VPNs. Unlike VPNs, these solutions don’t inherently grant access to everything but instead allow for a more granular approach based on the concept of least-privileged access. By default, access is denied unless permissions are explicitly granted. The Zero-Trust model can segment the network, and users must authenticate every time they want to access an application or system. This is a more secure design for hybrid and remote environments, given the rapid shift to the cloud.
That said, VPNs will still be in use for on-premises networks, and based on the use-case, a combination of using Zero-Trust solutions and VPNs together is more likely to stay around. For enterprises that rely on a VPN for protecting their on-premises networks, here are some of the VPN best practices to follow:
• Enable and require multi-factor authentication
• Proactively apply security patches released by VPN vendors
• Ensure VPNs are correctly configured to minimize security risks
• Run the VPN in full tunnel mode as opposed to split-tunnel mode
• Restrict BYOD and unmanaged devices from connecting to the VPN; Zero-Trust solutions are a better security solution for personal devices