Nearly two-thirds of companies report disruptions to network security business practices due to sudden shift to work-from-home model

Published: Wednesday, 29 April 2020 09:31

Nearly two-thirds (64 percent) of companies experienced at least moderate disruptions to their network security business practices – and nearly a quarter (23 percent) experienced major disruptions – due to the sudden shift to a work-from-home model as a result of the COVID-19 pandemic. This was one of the key findings from a new report from the Neustar International Security Council (NISC), released recently by Neustar, Inc.

The report, based on a recent survey of cyber security professionals, also reveals that 29 percent of companies did not have a fully executable business plan in place to keep their network secure in the event of a major crisis such as the current pandemic.
In addition, survey responses indicate that only 22 percent of corporate virtual private networks (VPNs) have handled the work-from-home shift with no connectivity issues, while 61 percent experienced minor connectivity issues.

“Social distancing measures that call for employees to work from home when possible have dramatically changed patterns of connection to enterprise networks,” said Rodney Joffe, Chairman of NISC, SVP and fellow at Neustar. “More than 90 percent of an organisation’s employees typically connect to the network locally with a slim minority relying on remote connectivity via a VPN, but that dynamic has flipped. The dramatic increase in VPN use has led to frequent connectivity issues, and - especially considering the disruption to usual security practices - it also creates significant risk, as it multiplies the potential impact of a distributed denial-of-service (DDoS) attack. VPNs are an easy vector for a DDoS attack.”

With IT teams stretched particularly thin at the moment, bad actors can take advantage of the chaos to exploit any vulnerabilities and launch volumetric attacks, network protocol attacks or application-layer attacks - locking out employees and paralysing business operations.

The latest NISC report reveals a sharper than usual uptick in threats over the two months covered by the most recent survey.

In March, when asked which cyber threats had caused the highest level of concern over the previous two months, the surveyed security professionals ranked DDoS attacks as their greatest concern (23 percent), followed by system compromise (22 percent) and ransomware (18 percent). Social engineering via email was most likely to be perceived as an increasing threat to organisations (61 percent), followed by DDoS attacks (59 percent) and ransomware (58 percent); these figures averaged 48 percent, 49 percent and 48 percent, respectively, over the full 17 months of survey responses.

Methodology

The International Cyber Benchmarks Index is based on a bimonthly online survey of security professionals, conducted by Harris Interactive on behalf of NISC. Participants in the March 2020 survey comprise 303 professionals across five European markets and the United States. All are in senior positions within their organizations and are able to provide informed opinions about cyber security

www.nisc.neustar