While most employees treasure the reduced stress of working from home (WFH), security teams worry. It takes one careless employee to find your network access sold on the darknet for a few hundred dollars.
Recent studies show 2021 will likely be a record year for cybercrime. Fueled by triple extortion, ransomware surged 93% in the first half of the year.
And no one wants to headline the next breaking news story about a company locked out, out of its systems. A recent survey of over 2,100 decision-makers by Thales and 451 Research shows the fear is widespread.
The vast majority, 82%, of respondents are at least somewhat anxious about the security risks involved, with a large number of company employees opting not to come back to the office. 44% do not feel confident their remote access security can guarantee safety.
The fears are very well-grounded in reality. Remote desktop protocol (RDP) attacks were the most popular attack vector for ransomware. 2020 saw 3.3 billion RDP attacks, almost four times as many as in 2019.
VPN reigns supreme
Companies employ a multitude of tactics to repel malicious actors. According to the 2021 Thales Access Management Index, virtual private networks (VPN) were the most common tool for remote access management, with 60% of respondents claiming to have deployed a VPN. A fifth of survey participants answered they’re not planning to replace the existing VPN solution.
Use of virtual desktop infrastructure (VDI) followed closely with 56%. Cloud-based access and zero-trust network access/software-defined perimeter (ZTNA/SPD) were each used by 53% of IT decision-makers to safeguard the companies they represent.
44% also responded they are planning to deploy ZNA/SPD in response to WFH-related security threats. Another 38% expect to move to multi-factor authentication (MFA) solution. A wise choice, given Google, estimates the use of MFA can almost wipe out automated attacks.
Regionally, there was notable variation in the adoption of MFA, with the UK leading (64%), followed by the US (62%), APAC (52%), and LATAM (40%). According to the Index, these varying degrees of adoption may be due to the level at which better access management is prioritized in security investments.
The survey also showed that most businesses use several authentication vendor tools to ensure the access is as secure as possible. 37% use 1-2, a quarter employs 3-5, while 8% use more than five vendors. Somewhat worryingly, 30% use none.
A year of turmoil
Even though there are still a few months of 2021 left, there’s little doubt it’ll be a record year for cybercrime cartels. Colonial Pipeline, JBS, and Kaseya cyberattacks have caught the public’s attention. However, they’re far from the only ones that took place.
A recent IBM report shows that an average data breach costs victims $4.24 million per incident, the highest in the 17 years. For example, the average cost stood at $3.86 million per incident last year, putting recent results at a 10% increase.
The absolute ransomware nightmare began in 2019 when the Maze ransomware group introduced double extortion tactics. Recently the tactic evolved into a triple extortion phase.
Since 2019, multiple data leak sites have emerged, such as the Maze ransomware website, Happy Blog operated by Sodinokibi (REvil), Conti News, and Babuk Locker. Over 2,600 victims have been named to a data leak site since the trend began, and 740 different victims were named just in Q2 2021 alone.
More from CyberNews:
Subscribe to our newslette