Lack of visibility into remote endpoints leaves companies vulnerable to ransomware
Illumio released findings on visibility and security practices for remote endpoints, revealing how vulnerable organizations are to ransomware propagating throughout the network and the impact large-scale breaches have on a business – essentially grinding operations to a halt.
The report uncovers the risks businesses face from having large swaths of their employees work from home and explores what this means as workers come back to the office part-time.
Most organizations have a severe lack of visibility into remote endpoints, and few have a way to stop ransomware from spreading throughout their network after an initial breach. Vulnerable and potentially infected endpoints can cause even more damage when employees bring their laptops back to the office and connect to the campus network.
Poor visibility into remote endpoints creates risk
Illumio surveyed IT professionals at 344 mid- to large-sized corporations and found that 59 percent of respondents are unable to see attempted connections to work laptops from other devices on the local home network.
The survey also revealed that 45 percent are limited to the visibility their VPN provides, while 26 percent rely on their endpoint detection and response (EDR) tools to see traffic and connections on the local home network.
Despite the desire to deploy software-defined perimeters, the survey revealed that the VPN still plays an outsized role in network security: 90 percent of respondents require employees to use a VPN at least some of the time.
“Since the VPN cannot see home network traffic, respondents assume the visibility they get from a VPN is sufficient, when, in fact, it leaves them blind to the environment that work devices are actually running in,” said Matthew Glenn, senior VP of product management at Illumio.
“Devices on home networks are vulnerable to peer-to-peer and lateral attacks from unwitting family members. These vulnerable endpoints risk exposing an entire organization to systemic risk, even while workers are connected over a VPN. Once employees begin returning to the office, connecting potentially compromised devices to the corporate network will pose an even greater threat.”
Without zero trust, organizations are more vulnerable to ransomware attacks
A ransomware “snow day” – the time that an organization is down due to an attack – is hugely detrimental for businesses. Eighty-one percent would need at least two to three days to recover fully, operating at less than a quarter of their normal capacity in the meantime. This means losing at least an entire business day of productivity.
While all businesses are concerned about ransomware, the data suggests that they are ill-equipped to prevent or contain it. Seventy-four percent noted that they rely on endpoint detection and response tools alone to contain the spread of ransomware, expecting them to block every initial attack, detect its malicious behavior, and isolate the infected endpoint after detection. This leaves businesses vulnerable to new or modified threats that remain undetected for hours or days and then move laterally to other endpoints and data centers.
The survey also asked respondents how they plan to stop ransomware from moving between laptops in the event of a breach. While zero trust technologies continue to gain traction, most organizations have not yet deployed zero trust controls to proactively contain lateral movement or the spread of ransomware. Instead, most rely solely on traditional endpoint security (next-generation anti-virus, endpoint detection and response, etc.) to simply block ransomware from initial entry.
“EDR and EPP solutions are an important part of any cybersecurity strategy, but the rise and success of ransomware proves that alone they are not enough,” said PJ Kirner, CTO at Illumio.
“Security teams need deeper defenses, particularly on the endpoint, but they really need an end-to-end strategy from the endpoint through the datacenter and cloud. This is the only means of stopping ransomware from spreading throughout your network and reaching crown jewel applications. Especially as we navigate hybrid working models at scale, it’s crucial that organizations incorporate zero trust strategies into their cybersecurity approach.”
Decrease in firewall spending in 2021
Compounding the issue is that businesses will likely invest less this year in campus security and networking technology, since they may want to delay major investments and upgrades until the workforce fully returns to the corporate office.
The survey revealed that IT teams prioritized cybersecurity spending in 2021 but were most likely to spend less on firewalls (30 percent), Wi-Fi technology (26 percent), and network access control (25 percent). This means that businesses will likely make do with what they have and, as a result, could be more vulnerable to an evolving threat landscape in 2021 as the workforce returns and begins rotating between remote and office networks.