I think we can all agree that 2020 was a year like no other, and that’s not even counting toilet paper panics and murder hornets. The year’s defining event was, of course, a pandemic that impacted almost every aspect of our personal and professional lives.
Although the coronavirus caused extreme business disruption, it also revealed a surprising level of technical proficiency and resilience. Businesses worldwide were forced to take drastic measures to remain operational, and the results were actually quite remarkable under the circumstances. IT teams everywhere rose to the occasion, enabling an overnight shift to work-from-home operations despite equipment shortages, software issues, hardware failures and connectivity problems. Remote work has been so successful that most organizations plan to give employees the option to remain at home in a post-pandemic world.
Unfortunately, the pandemic also sparked a massive surge in cybercrime. Cyberattacks have increased by as much as 400 percent in some industries as threat actors exploited our increased anxiety about the pandemic and the lax security measures being used by millions of at-home workers. Security firm McAfee estimates cybercrime costs for 2020 at $1 trillion, almost double the previous year’s total.
Some of this increase is due to the increased automation of cyberattacks. In a recent experiment, researchers set up a honeypot — a server for a fake online financial firm — and exposed usernames and passwords in a dark web market. A single automated bot needed only 15 seconds to break in, scan the network, collect credentials, siphon off data and create new user accounts so attackers could gain access later.
Additionally, automated ransomware delivery kits designed for attacking thousands of random IP address and targets are available on the dark web for only about $200. Subscription-based Ransomware-as-a-Service (RaaS) exploits cost about $50 a month.
Because the pandemic has fundamentally altered the threat landscape, security pros recognize that they need to change their approach to security. That’s why many are planning to replace vulnerable VPNs with zero-trust security solutions. Gartner analysts predict that 60 percent of companies will phase out their VPNs in favor of zero-trust network access over the next three years.
Phasing Out VPNs
VPNs have long been the go-to solution for remote access to applications and data residing in the company data center, but they are part of an increasingly dated security model. Conventional perimeter-based defenses such as VPNs are designed to block malicious outsiders and protect trusted insiders, but that approach is no longer entirely effective with mobile and remote employees requiring access from beyond the perimeter.
The zero-trust approach assumes there are malicious actors on either side of the perimeter. That’s a fair assumption. According to the Verizon 2020 Data Breach Investigations Report, 34 percent of all data breaches involve internal actors. To be safe, zero-trust solutions treat everyone and everything accessing network resources as a threat until their identity has been verified and validated.
Zero trust doesn’t replace perimeter security but augments it with a variety of tools designed to verify the identity of every user, validate every device and limit access to a need-to-know basis. Core zero-trust technologies include identity and access management (IAM), multifactor authentication, real-time user verification, device validation, privilege limitations and network segmentation.
Operational changes made in response to the coronavirus have unfortunately contributed to an epidemic of cybercrime in 2020. Criminals looking to exploit the crisis have launched waves of network attacks, malware campaigns and phishing scams. The security pros at RMM Solutions can help you address increased vulnerabilities with zero-trust security solutions. Give us a call to learn more about improving your security posture in 2021. Regrettably, there’s not much we can do about the murder hornets.