More than a year after the mass shift to remote working, over half (54 percent) of organizations are still experiencing downtime and disruption as a result of network security issues according to new data from the Neustar International Security Council (NISC).
Surveying security professionals across EMEA and the US, 61 percent of respondents reported suffering either significant or moderate downtime or disruption in the first six months of the pandemic, caused by employees having to work from home.
Despite many organizations making changes over the last year to adapt to this unexpected way of working, the problem has persisted, with the number of businesses suffering downtime dropping by just 7 percent in the last six months.
“Over the last year, businesses have had no choice but to re-think their approach to network security. However, while many have made major improvements to facilitate and protect the newly remote workforce, cyber criminals have also used the time to sharpen their skills,” said Rodney Joffe, Chairman of NISC and Senior Vice President and Fellow, Neustar. “As companies have continued to adapt, bad actors have become more sophisticated, exploiting the disruption for their own malicious gain.”
Despite these issues the majority of respondents remained optimistic, with 89 percent agreeing that the challenges posed by the pandemic have strengthened their organization’s network security against potential future attacks. In addition, 79 percent believed that the situation over the last year has triggered an improvement to their corporate VPNs to make them more secure.
“The challenge with using VPNs to allow the workforce to log on remotely is that cyber criminals understand that the hardening of connectivity from a denial-of-service point of view hasn’t always been done.” Joffe said. “The very nature of VPNs is that they have to be encrypted all the way. You don’t, therefore, have the ability to use normal methods to examine whether the traffic running through a VPN is actually an attack. A DDoS attack that is encapsulated in a VPN packet will only be revealed when the packet reaches the VPN server and is opened up – by then, it’s too late. For this reason, VPNs will continue to be the target of choice, it’s down to the organization itself to make them as secure as possible.”
Findings from the latest NISC research also recorded positive feedback from security professionals around security awareness levels across the wider businesses. As a result of the pandemic, 9 in 10 respondents were at least somewhat confident that most executives in their organization now have a greater level of understanding and appreciation for network security, with 41 percent feeling very confident.
During January and February of this year, DDoS was considered the greatest concern for respondents (23 percent), closely followed by system compromise (22 percent) and ransomware (17 percent). CTOs, CISOs and other security professionals also perceived criminals to be the most likely threat (74% percent), an increase on the 58 percent average response to the survey over 23 months. Social activists (56 percent), nation/state actors (53 percent) and insiders (51 percent) were also notably higher than their average percentages.
The survey was conducted in March 2021, with responses from 309 professionals from across France, Germany, Italy, Spain, the UK and US markets. All were in senior positions within their organizations and able to provide informed opinions about cyber security issues.