Ransomware Drives a Re-Thinking of Remote Access

The European Union Agency for Cybersecurity (ENISA) released its Threat Landscape 2021 report last week. The report focuses on trends during the period from April 2020 through mid-July 2021. Not surprisingly, ENISA has positioned ransomware as the prime threat for 2020-2021.

The whole report (116 pages) is worth a look, but the thoughts on the exploitation of work-from-home technologies are interesting and again emphasize the need for organizations to transition to SASE solutions.

The ENISA report notes the following:

“In our view cybercrime threat actors will certainly continue targeting technologies that support teleworking and specifically VPN and remote access services. The organization will be relying on these services as long as the pandemic lasts and their successful compromise by the adversaries gives the latter the opportunity of remote access to their victims without even deploying any malware.”

The increase in attacks against virtual private networks (VPNs) has been significant, as other researchers have previously reported. For example, the Q1 2021 Threat Landscape Report from MSSP Nuspire saw an almost 2000% increase in attacks against one VPN provider’s products and a 1500% increase against another. And an IBM report earlier this year noted not only that remote work was a clear factor in many breaches but that the average cost of those breaches was on the rise. IBM calculated that the average cost of a breach was $1.07 million higher in breaches where remote work was a factor in causing the breach.

Another interesting contention in the ENISA report is that the rise of cyber insurance is driving the explosion of ransomware attacks. The report cites research done by the Royal United Services Institute, an independent think tank, that makes the point that “ransomware coverage in insurance policies is not only encouraging threat actors, but the practice may be fueling the entire ransomware economy.” The problem, according to the report, is basically that insurance carriers are not being aggressive enough in requiring baseline security requirements before issuing policies.

Encouraging a zero-trust security philosophy and the adoption of SASE solutions would clearly benefit the entire market, particularly now that so many breaches are exploiting remote-work technology. The ENISA report, for example, recommends, among other things, the implementation of least privilege access controls and more rigorous network segmentation. The IBM report discussed earlier found a significant reduction in the average cost of breach for organizations that had fully embraced zero trust. Compared to organizations that had not adopted zero trust technologies, those at a “mature stage” of deployment had average breach costs that were 42.3% lower.

As we discuss in our new SASE report, hybrid workforce access is a primary driver of the adoption of SASE, and particularly zero trust network access (ZTNA) products. We expect VPN augmentation or replacement to remain a top use case based on the ability of SASE to provide better scalability, management, and security for hybrid or remote work. A related driver is the need for more sophisticated compliance management. Many early adopters have been forced by COVID-19-related changes to remote work policies to provide more fine-grained compliance policies. Security policies can be tailored to geographies, specific industry regulations, and generalized privacy needs such as data disclosure restrictions and anonymization.

The second annual Futuriom Cloud Secure Edge and SASE Trends report can be found here.