The abrupt shift to remote working has created a more challenging and complicated environment when it comes to cybersecurity. IT and security professionals now have to struggle to keep track of all the remote endpoints that access their organization’s network, including work devices and personal devices. A report released Thursday by network security provider Illumio explains how this situation could leave organizations more susceptible to ransomware and discusses how they can better protect themselves.
SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic)
Based on a survey of IT professionals at 344 mid-sized and large companies, Illumio found that most lack visibility into their remote endpoints, while few have an effective way to stop ransomware from spreading after an initial breach.
Although many organizations have ransomware recovery plans, several would be willing to pay attackers in a worst-case scenario. Further, pre-emptive zero trust controls are not always fully implemented to prevent attackers or ransomware from moving laterally across the network.
Among the respondents, more than half (59%) said they couldn’t view attempted connections to work laptops from devices on the local home network. Some 45% said they rely on the visibility of their VPN to see which remote devices are accessing the network. Additionally, 26% depend on their endpoint detection and response (EDR) tools to view traffic and connections from local home networks.
“Since the VPN cannot see home network traffic, respondents assume the visibility they get from a VPN is sufficient, when, in fact, it leaves them blind to the environment that work devices are actually running in,” Matthew Glenn, senior VP president of product management at Illumio, said in a press release. “Devices on home networks are vulnerable to peer-to-peer and lateral attacks from unwitting family members. These vulnerable endpoints risk exposing an entire organization to systemic risk, even while workers are connected over a VPN.”
SEE: Emotet malware taken down by global law enforcement effort (TechRepublic)
In the aftermath of a ransomware attack, 81% of those surveyed said they would need at least two to three days to recover fully, during which some would likely be operating at less than a quarter of their normal capacity. Some 74% said they rely on EDR tools alone to contain the spread of ransomware. And they expect such tools to block every initial attack, detect any malicious behavior, and isolate any infected endpoints.
Asked how they would stop ransomware from moving from one laptop to another during a breach, most said they’d have to rely solely on traditional endpoint security (anti-virus, EDR, etc.) to block the initial attack. Though zero trust tools and technologies are gaining traction, most of those surveyed said they have yet to deploy such controls to prevent the spread of ransomware.
“EDR and EPP solutions are an important part of any cybersecurity strategy, but the rise and success of ransomware proves that alone they are not enough,” said PJ Kirner, CTO and co-founder at Illumio. “Security teams need deeper defenses, particularly on the endpoint, but they really need an end-to-end strategy from the endpoint through the data center and cloud. Especially as we navigate hybrid working models at scale, it’s crucial that organizations incorporate zero trust strategies into their cybersecurity approach.”
To further protect your organization’s endpoints from ransomware attacks, Illumio offers one more recommendation: Network and resource segmentation.
“It is important to plan for the entire attack life cycle, and one of the simplest ways to do that is to segment resources to stop lateral movement between both endpoints and host workloads,” the report advised. “Many of the new cybersecurity frameworks around the world like zero trust, NIST, and NIS-D all require some segmentation of critical data and infrastructure. Being able to do this simply and at scale is going to be a focus for many in 2021.”