tl;dr Forrester Study: Beyond Boundaries

11. November 2021

Forrester’s recent Beyond Boundaries [1] report asked 426 security professionals, 422 executives and 479 remote workers about the impact the Corona pandemic and the associated shift to the home office had on them, and how this will affect the way cybersecurity risks are managed in the future. 

Drastic Growth of the Attack Surface

The sudden migration of millions of workers to the home office had a dramatic impact on corporate IT security. Attack surfaces grew significantly, and successful breaches became more common. 92% of executives confirmed hacker attacks or related data leaks that severely affected their business operations. Over two-thirds of the attacks were directed against remote workers, and three-quarters of the decision-makers attribute the attacks to vulnerabilities created by pandemic-related changes.

Five Important Insights 

  1. Home offices are here to stay. Seven out of ten companies announced they will have employees working from home one or more days a week within the next 12 to 24 months. 
  2. Home networks and connected devices are often not adequately protected. Just a third of security leaders claim they have enough staff to monitor their organizations’ attack surface. 
  3. Cyber-attacks targeting remote employees are on the rise. Over 60 percent of the participants documented attacks targeting remote workers.
  4. Security policies and technologies that focus on the network perimeter are no longer sufficient, as they can’t stop the malware and phishing attacks that make up the bulk of today’s breaches.
  5. Companies are willing to strengthen their defence with additional security investments. 80 percent of organisations are planning to increase their spending on network and data security, and two thirds want to invest in endpoint security and IAM.

Companies Are Looking to Invest  

The pandemic has made it clear to organisations that they need to improve their overall security posture. To this end, 96% of security leaders plan to increase their security staff within the next 24 months. In addition, two-thirds of them plan to spend more on network, data, cloud and endpoint security. 65% of organisations plan to invest in credential management, identity and access management, and privileged access management. 

Trust No One, Verify Everyone 

Protecting the network perimeter is no longer sufficient due to the increased attack surface. Therefore, a consistent Zero Trust approach is quickly becoming the new state of the art. This granular, data-centric approach protects resources by granting access only in the right context, and only to authenticated users or devices. Zero Trust also prevents vertical network infiltrations by stopping attackers from gaining higher privileges and access rights.

The tl;dr-Series for IAM 

With the tl;dr-series for IAM (too long; didn’t read) I try to summarise important and interesting articles that came across my reading list. Feel free to reach out with feedback and recommendations of articles that matter. 

References

[1] Beyond Boundaries: The Future Of Cybersecurity In The New World Of Work, Forrester, September 2021, https://tenable.com/analyst-research/forrester-cyber-risk-report-2021
