In 2020, companies were exposed to an unprecedented number of cyber attacks. As The Hill reports, the FBI’s Cyber Division reported up to 4,000 digital attacks per day in the first half of 2020. That’s a 400% increase compared to the reports that investigators received before the pandemic.
And many of these security incidents paid off for the attackers. In the 2020 Thales Data Threat Report – Global Edition, which surveyed IT and data security officials around the world, more than a quarter (26%) of respondents said that their employer had a data security breach in the past year.
Factors that contributed to these attacks
Verizon states in its Mobile Security Index (MSI) 2021 that COVID-19 could play a role in this surge in digital attacks and data breaches:
One factor that contributed to these results was the pressure to relax security policies that companies were under due to the measures required to cope with and adapt to COVID-19 … Many companies were probably too distracted as well. For example, they may not have detected security breaches, or if they did, they may not have traced them back far enough to identify all of the sources involved.
In addition to incident response, these tradeoffs and distractions may affect other corporate digital security measures. Take, for example, the need to restrict the use of public Wi-Fi networks. In the MSI 2021 survey, more than half of the respondents stated that their companies allow employees to access the companies' own IT assets via public Wi-Fi. Almost one in five respondents stated that their company does not even have a security policy for such access. With this in mind, it is not surprising that 71% of respondents admitted using public Wi-Fi for work-related tasks, even though more than a quarter of them (26%) said it was forbidden.
Verizon uncovered additional risks in employees' use of home Wi-Fi networks and VPNs. The MSI 2021 states that home networks are 70% riskier than corporate networks. This could be due to factors identified in the Proofpoint State of the Phish 2020 report: less than a third (31%) of respondents said they had changed the default password on their Wi-Fi router, and even fewer participants (19%) told Proofpoint that they had updated the firmware of their wireless router.
In turn, Verizon found in the 2021 MSI that less than half (47%) of respondents who have a VPN installed on their devices activate it. A fifth of respondents said they never use the VPN or only activate it when it cannot be avoided.
What conclusions should companies draw from this?
The above results underline how important it is for companies to strengthen and further develop their security approach based on the zero trust principles. These principles are fundamental building blocks for developing next-generation security architectures.
According to the publication “Zero Trust Architecture” (SP 800-207) of the US National Institute of Standards and Technology (NIST), “Zero Trust is the name for an evolving spectrum of cybersecurity paradigms that shift defense measures away from static, network-based perimeters and more strongly toward users, assets and resources.”
Zero Trust is not a specific bundle of technology that a company can buy. Rather, it is a guiding principle that a company must commit to and gradually adopt when moving resources from local systems to the cloud and allowing employees to access local or cloud-based resources from home. The zero trust paradigm shifts the focus to concepts such as least privilege, continuous authentication and microsegmentation. In this way, companies can adapt the security strategy in such a way that it does justice to the new realities of a constantly changing IT environment.
To achieve a zero trust mentality, Verizon recommends that companies take the following steps: First, ensure that their users authenticate using multifactor authentication (MFA), biometrics, or one-time passwords (OTPs). Then they have to restrict access to the assets and resources and implement the least privilege principle by segmenting the network and implementing an identity-oriented approach to security.