Nearly two thirds of companies experienced at least moderate disruptions to their network security business practices – and nearly a quarter (23 percent) experienced major disruptions – due to the sudden shift to a work-from-home model as a result of the COVID-19 pandemic, according to a new report.
Security outfit Neustar has just released its Neustar International Security Council (NISC) report noting that that more than 29 percent of companies did not have a fully executable business plan in place to keep their network secure in the event of a major crisis such as the current pandemic.
In addition, survey responses indicate that only 22 percent of corporate virtual private networks (VPNs) have handled the work-from-home shift with no connectivity issues, while 61 percent experienced minor connectivity issues.
Rodney Joffe, Chairman of NISC, SVP and Fellow at Neustar said: ““Social distancing measures that call for employees to work from home when possible have dramatically changed patterns of connection to enterprise networks. More than 90 per cent of an organisation’s employees typically connect to the network locally with a slim minority relying on remote connectivity via a VPN, but that dynamic has flipped. The dramatic increase in VPN use has led to frequent connectivity issues, and — especially considering the disruption to usual security practices — it also creates significant risk, as it multiplies the potential impact of a distributed denial-of-service (DDoS) attack. VPNs are an easy vector for a DDoS attack.”
The report said that with IT teams stretched particularly thin at the moment, bad actors can take advantage of the chaos to exploit any vulnerabilities and launch volumetric attacks, network protocol attacks or application-layer attacks — locking out employees and paralysing business operations. In addition to this, volumetric attacks are increasing in size.
Neustar mitigated a 1.17 terabyte attack, which required a unique and diverse set of tactics in order to successfully fend off the attack. “In times like these,” continued Joffe, “an always-on managed DDoS protection service is critical. A purpose-built mitigation solution like Neustar’s cloud-based UltraVPN Protect can keep remote workforces connected and productive and ensure that business continues without interruption”.
The latest NISC report reveals a sharper than usual uptick in threats over the two months covered by the most recent survey. The International Cyber Benchmarks Index, which reflects the overall state of the cybersecurity landscape, reached a new high of 33.1 percent in March 2020.
In March, when asked which cyberthreats had caused the highest level of concern over the previous two months, the surveyed security professionals ranked DDoS attacks as their greatest concern (23 percent), followed by system compromise (22 percent) and ransomware (18 percent). Social engineering via email was most likely to be perceived as an increasing threat to organisations (61 percent), followed by DDoS attacks (59 percent) and ransomware (58 percent); these figures averaged 48 percent, 49 percent and 48 percent, respectively, over the full 17 months of survey responses.