Research shows organizations increasing vulnerability
versus security investments needed
THE sudden shift to remote working from home brought about a huge amount of anxiety to organizations not ready to operate in this environment. Many unforeseen challenges were brought about by the dramatic shift to remote working induced by the pandemic.
According to the 2020 Remote Workforce Cybersecurity Report unveiled last week by security solutions provider Fortinet, the unplanned shift to telework was not aligned to the planned cybersecurity investments thus a shift was necessary to secure remote work (employees and systems) for the rest of 2020 and beyond.
“The COVID-19 pandemic will have lasting effects on how organizations invest in cybersecurity. In fact, over 90 percent of enterprises plan to invest more to secure telework over the next two years,” John Maddison, EVP of Products and CMO at Fortinet said referencing the report’s investigations on the need to fortify security in a telework ecosystem.
The report investigates the cybersecurity challenges that organizations faced as a result of the dramatic shift to telework early this year and the planned investments to secure remote work in 2020 and beyond.
Initial facts state that in the first half of 2020, many organizations were required to shift to telework practically overnight as teams around the globe were asked to stay home. Nearly two-thirds of the firms surveyed had to rapidly transition over half of their workforce to telework.
In addition, most respondents said the rapid change presented a challenge to their organization, with 83 percent citing it as moderately, very, or extremely challenging. Only 3 percent were not at all challenged.
The sudden shift to telework was challenging for most organizations
Conducted in June 2020, which is timed towards the peak of remote workers and companies are just settling in from the steep learning curve of out-of-office operations, the survey involved participants from 17 different countries, representing nearly all private industries and the public sector.
At that time, the evolving remote work environment had increased reliance on personal device usage, and overall influx of workers outside the corporate network opened an opportunity for unprecedented cyber threat activity.
Though enterprises had been cognizant and prepared extensively for BYOD as a vulnerability, the pandemic opened up new opportunities for cybercriminals. From phishers to scheming nation-state actors, cyber adversaries found multiple ways to exploit the global pandemic for their benefit at an enormous scale.
Another report by Fortinet subsidiary, FortiGuard Labs called the Global Threat Landscape Report showed that 60 percent of organizations revealed an increase in cybersecurity breach attempts during the transition to remote work, while 34 percent reported actual breaches in their networks. These included simple phishing and business email compromise schemes, and ransomware attacks. In some instances massive nation-state backed campaigns were reported.
Given this dramatically expanded digital attack surface, the waves of cyber threats targeting remote workers, and the ongoing cyber skills gap, organizations need to carefully consider what technologies and approaches are needed to secure their telework strategies long-term.
“They have an opportunity to maximize their investments with cybersecurity platforms designed to provide comprehensive visibility and protection across the entire digital infrastructure, including networked, application, multi-Cloud, and mobile environments. This ongoing shift to remote work will also require more than just technology; cybersecurity training and awareness should also remain key priorities,” Maddison emphasized.
With a spike in employees remotely connecting to the corporate network, an increase in breach attempts and overall cyber-attacks, organizations cited the most challenging aspects of this transition as ensuring secure connections, business continuity, and access to business-critical applications.
It is worthwhile to note that at the time of the survey, enterprises had already invested in key technologies as a result of the pandemic. Nearly half of the organizations invested further in VPN and cloud security, while nearly 40 percent invested further in skilled IT professionals or network access control (NAC).
More to be done
Given the number of attempted breaches and overall waves of cyber threats targeting remote workers, organizations need to carefully consider what technologies and approaches are needed to secure telework moving forward. Defense strategies need to be adjusted to fully account for the extension of the network perimeter into the home.
Fortinet’s workforce report says that there is still room for improvement and that almost all enterprises are expected to invest more in secure telework. The reasons for this include the possibility of online work extending up to 2021 or beyond and refocusing investments on what needed to be done to ensure operations continue under the premise of more telework with some organizations expecting more than half of their employees to continue working remotely full time after the pandemic.
Almost all organizations expect to invest more to secure telework long-term, with nearly 60 percent of enterprises spending more than $250,000 in secure telework investments in the next 24 months. While the majority of enterprises surveyed intend to make unplanned upgrades to their existing systems to secure telework. Many also plan to add new technologies not previously in place.
Only 40 percent of organizations had a business continuity plan in place prior to the pandemic. Yet, as a result of the pandemic and the rapid shift to remote work, 32% invested further in this area.
While organizations have made improvements in securing their remote workforces since the beginning of the pandemic, survey data reveals several areas that could be considered opportunities for improving secure remote connectivity. The report listed the following as the most popular choices for network security:
- Multi-factor Authentication (MFA) – The survey revealed that 65 percent of organizations had VPN solutions in place pre-pandemic, but only 37 percent of organizations had multi-factor authentication (MFA). While VPNs play an important role in ensuring secure connectivity, they are simply one part of securing access. Therefore, if not already in place, it is recommended that organizations consider integrating MFA into their remote security plans.
- Endpoint security and Network Access Control (NAC) – 76 percent and 72 percent of organizations plan to either upgrade or adopt NAC or endpoint detection and response (EDR) solutions respectively. As employees work remotely, organizations face challenges to control the influx of non-trusted devices on their networks to enable remote work, creating new security challenges overnight. By adopting NAC solutions, IT teams get increased visibility and control over the users and devices on their network. EDR solutions deliver advanced, real-time threat protection for endpoints both pre- and post-infection.
- Software-Defined Wide-area Networking (SD-WAN) for the Home: 64 percent of organizations plan to either upgrade or adopt SD-WAN, but specifically for the home office. The critical advantage of extending secure SD-WAN functionality to individual teleworkers, especially super users, is that they can enjoy on-demand remote access as well as dynamically scalable performance regardless of their local network availability.
- Secure Access Service Edge (SASE) – 17 percent of organizations made investments in SASE prior to the pandemic, and 16 percent invested in SASE as a result of the pandemic. Still, 58 percent plan to invest in SASE to some degree going forward. Although SASE is an emerging enterprise strategy, it is increasingly seen as an opportunity to combine network and security functions with WAN capabilities to support the dynamic, secure access needs of today’s organizations.
- Skilled security professionals – At the start of the pandemic, only 55 percent of organizations had enough skilled IT workers in place to support the shift to remote work. And while 73 percent of organizations stated their intention to invest further in skilled IT workers in the next 24 months, the historical lack of skilled IT security professionals could present a challenge.