A Changing Corporate Infrastructure
A common joke is that COVID-19 is the main driver behind many companies’ digital transformation efforts. However, while COVID-19 did indeed have a significant impact on how daily business is conducted, it mainly served to accelerate existing trends. In 2021, the rapid evolution of the corporate IT infrastructure has a significant impact on cybersecurity as security teams address increased telework, cloud adoption, and the rise of the hybrid data center.
The Move to Remote Work
The COVID-19 pandemic drove the move to remote work in 2020. However, in 2021 as a return to the office becomes a possibility, many organizations are choosing not to return to a fully on-prem workforce.
Supporting remote or hybrid work models provides several advantages to an organization. The flexibility that remote work offers is an attractive incentive to many employees. Support for telework provides access to a global talent pool. Remote or hybrid workers require less dedicated office space, decreasing infrastructure costs.
As remote work becomes commonplace, organizations are searching for ways to support and secure their remote workforce. Many of the solutions put into place in 2020 were unsustainable or insecure, making secure remote work solutions a priority for many organizations.
Expansion of the Cloud
The COVID-19 pandemic in 2020 accelerated the trend of cloud adoption. The need to support a remote workforce drove organizations to deploy and use cloud-based solutions. The pandemic also demonstrated the need for resiliency, which is one of the main selling points of cloud computing.
While organizations have moved quickly to adopt cloud computing, cloud security has lagged behind. Traditional security solutions and methodologies do not always translate well to cloud environments, and a variety of vendor-specific platforms and security solutions makes it difficult to achieve consistent security across an organization’s entire environment. As enthusiasm for the cloud meets corporate security policies and regulatory requirements, organizations are increasingly in need of solutions that enable them to effectively and scalably manage the security of their cloud deployments.
Migration to Hybrid Data Centers
The cloud provides a number of potential advantages to an organization, including flexibility, scalability, resiliency, and cost savings. However, some enterprise applications and data must be hosted on-prem to comply with corporate security policy or regulatory requirements.
Since full cloud adoption is not an option, many organizations are turning to hybrid data centers to allow them to take advantage of the cloud to the greatest extent possible. Hybrid data centers link cloud-based infrastructure with on-prem data centers, enabling data and applications to flow seamlessly between the two environments to meet business needs.
However, while a hybrid data center provides many advantages, it also creates significant security challenges. Cloud deployments and on-prem data centers are very different environments, making it difficult to consistently enforce security policies for applications and data across both environments. Doing so requires security solutions that can operate in all deployment environments and provide consolidated security monitoring and management for an organization’s entire IT architecture.
An Evolving Threat Landscape
In 2020, many cybersecurity trends – such as an increase in ransomware attacks, exploitation of remote workers, and increased attacks on endpoints and mobile devices – were largely attributed to the pandemic. However, in 2021, as the pandemic begins to abate, many of these trends in cyberattacks have only accelerated.
The Rise of Ransomware
In 2020, ransomware activity surged as cybercriminals took advantage of the COVID-19 pandemic, which drove the deployment of insecure remote access solutions and left organizations more vulnerable to phishing attacks and exploitation of unpatched vulnerabilities. However, the ransomware pandemic has not yet abated. In fact, ransomware attacks are continuing to surge, growing by 93%.
One of the biggest drivers of the growth in ransomware attacks is the emergence of the Ransomware as a Service (RaaS) attack model. Under the RaaS model, ransomware developers distribute their malware to “affiliates” for use in their attacks. By placing sophisticated malware in the hands of more cybercriminals, RaaS increases the number and success rate of ransomware attacks. This has led to a number of major ransomware incidents, including the Colonial Pipeline, Microsoft Exchange, and Kaseya hacks.
While ransomware attacks have grown more common, they have grown more dangerous as well. In 2019, ransomware gangs debuted the “double extortion” attack, where ransomware malware stole data from a computer before encrypting it. In 2020, the “triple extortion” attack emerged, where the ransomware operators would also demand a ransom from a victim’s customers, partners, or other parties whose sensitive data was stolen as part of the attack. In February 2021, the REvil group added an additional component, using Distributed Denial of Service (DDoS) attacks and phone calls to the media and business partners to put additional pressure on the victim to pay the ransom. These variations on the ransomware attack cause additional damage to an organization and its reputation.
Exploiting Remote Access Solutions
The rise of ransomware in 2020 and into 2021 was enabled by the widespread adoption of remote work. As organizations began allowing telework, they needed to deploy remote access solutions for their employees.
The increased usage of virtual private networks (VPNs) and the Remote Desktop Protocol (RDP) created opportunities for cybercriminals. Credential stuffing attacks and exploitation of VPN vulnerabilities became the most common methods by which ransomware operators gained access to organizations’ networks and delivered their malware.
A Renewed Focus on the Endpoint
The growth of remote work had a dramatic effect on corporate digital attack surfaces. Instead of sitting behind the corporate network perimeter with its array of security defenses, employees now work from devices connected directly to the public Internet.
As a result, the endpoint has become the new network perimeter and is more vulnerable than ever before. Employees working from home are more likely to be incautious and violate corporate policies, and remote devices are often slower to receive updates and security patches. Remote employees and devices are more likely to fall prey to a cyberattack.
However, the need to sustain operations means that organizations need to allow these potentially compromised devices to have access to corporate applications and other resources.
Increased Mobile Security Threats
The use of mobile devices for business purposes has become commonplace in recent years as companies have supplied corporate smartphones or permitted the use of personal devices through Bring Your Own Device (BYOD) policies. However, the COVID-19 pandemic caused a dramatic increase in mobile device usage as employees worked from whatever devices were available. As a result, mobile devices have become a mission-critical component of many organizations’ IT infrastructures.
With the increased use of mobile devices came a greater focus on them by cybercriminals. In 2021, mobile devices face a wider range of security threats than they did in the past. Read more about the new mobile threat landscape in Check Point’s 2021 Mobile Security Report.
A New Approach to Security
COVID-19 and digital transformation initiatives have left security teams with a complex environment to protect against sophisticated and evolving threats. In response, many organizations are pursuing initiatives intended to redesign their security to meet the needs of the modern, distributed enterprise. Two of the most significant trends are a move towards security consolidation and the replacement of legacy security technologies with modern alternatives.
Consolidating Security Architectures
Historically, many organizations have addressed security challenges by deploying specialized, standalone security solutions. However, as corporate IT environments have become larger and more complicated and the cyber threat landscape has evolved, this has resulted in a complex array of isolated security products.
These disaggregated security architectures are difficult for an organization’s security team to monitor and manage. Often, security teams are overwhelmed by large volumes of security alerts, and the need to switch between multiple dashboards and systems slows threat detection and response. As a result, incident response is delayed, and cybersecurity incidents incur more damage and cost to the organization.
Since IT environments will only grow more complex and cyber threats continue to mature, organizations are focusing their efforts on streamlining and consolidating their cyber security architectures. By bringing security monitoring and management under the umbrella of a single solution with a single dashboard, security teams can more easily enforce consistent security across their environments and more quickly and effectively detect, investigate, and respond to cyber threats.
Adopting Next-Generation Security Solutions
Corporate IT environments are changing rapidly, and organizations are looking to secure their new cloud infrastructure and remote workforce. As a result, there has been increased interest in several next-generation security technologies, including:
- XDR: Extended Detection and Response (XDR) solutions address the endpoint security challenges created by a transition to a remote or hybrid workforce. XDR solutions offer proactive protection against cyber threats by enabling an organization to achieve increased visibility across multiple attack vectors and improve productivity via the use of security automation and centralized security monitoring and management.
- SASE: Secure Access Service Edge (SASE) is designed to consolidate an organization’s networking and security solutions into a single cloud-based appliance. SASE solutions use software-defined WAN (SD-WAN) functionality to optimize traffic routing between SASE points of presence (PoPs). Since these PoPs integrate a full security stack, SASE offers consolidated security monitoring and management across an organization’s entire distributed infrastructure.
- ZTNA: Zero-Trust Network Access (ZTNA) is an alternative to the legacy VPN for secure remote access. Unlike a VPN, which provides full access to the corporate network to authenticated users, ZTNA implements zero trust principles and provides access to resources on a case-by-case basis. Deploying ZTNA – also known as a software-defined perimeter (SDP) – enables an organization to more securely support a remote workforce and protect itself against attempted exploitation of remote access solutions.
Bolster Your Cybersecurity with Check Point
Security is growing increasingly complex in 2021. Enterprise IT environments are evolving rapidly, and new cyber threats are emerging. As a result, organizations are looking to consolidate their security architectures and deploy advanced solutions designed to meet the security needs of the modern, distributed enterprise.
Check Point Harmony Suite provides unified protection across an organization’s entire IT environment, including endpoints, mobile, cloud, and email. With AI-driven threat prevention and detection and curated threat intelligence, Harmony Suite can secure the enterprise against both known and novel attacks.
To learn more about the 2021 cyber threat landscape, check out Check Point’s 2021 Cyber Security and Mobile Security reports. You’re also welcome to request a demo to learn about Harmony Suite’s capabilities and to see how it can protect your organization against these evolving threats.
Feedback