“Over the last year, businesses have had no choice but to re-think their approach to network security. However, while many have made major improvements to facilitate and protect the newly remote workforce, cyber criminals have also used the time to sharpen their skills,” said Rodney Joffe, Chairman of NISC and Senior Vice President and Fellow, Neustar. “As companies have continued to adapt, bad actors have become more sophisticated, exploiting the disruption for their own malicious gain.”
Yet, the majority of respondents remained optimistic, with 89% agreeing that the challenges posed by the pandemic have strengthened their organisation’s network security against potential future attacks. In addition, 79% believed that the situation over the last year has triggered an improvement to their corporate VPNs to make them more secure.
“The challenge with using VPNs to allow approximately 95% of the workforce to log on remotely is that cyber criminals understand that the hardening of connectivity from a denial-of-service point of view hasn’t always been done,” Joffe continued. “The very nature of VPNs is that they have to be encrypted all the way. You don’t, therefore, have the ability to use normal methods to examine whether the traffic running through a VPN is actually an attack. A DDoS attack that is encapsulated in a VPN packet will only be revealed when the packet reaches the VPN server and is opened up – by then, it’s too late. For this reason, VPNs will continue to be the target of choice; it’s down to the organisation itself to make them as secure as possible.”
Findings from the latest NISC research also recorded positive feedback from security professionals on security awareness levels across the wider business. As a result of the pandemic, 9 in 10 respondents were at least somewhat confident that most executives in their organisation now have a greater level of understanding and appreciation for network security, with 41% feeling very confident.
During January and February of this year, DDoS was considered the greatest concern for respondents (23%), closely followed by system compromise (22%) and ransomware (17%). CTOs, CISOs and other security professionals also perceived criminals to be the most likely threat (74%), an increase on the 58% average response to the survey over 23 months. Social activists (56%), nation/state actors (53%) and insiders (51%) were also notably higher than their average percentages.