The COVID-19 pandemic and the shift to contactless commerce is driving major changes in business models and forcing business leaders to re-think the way they operate – particularly as local governments require or recommend employees work from home. Under normal circumstances, businesses would make this shift over an extended period of time to ensure a seamless transition. However, the pandemic forced a sudden and massive shift to work-from-home which added more stress to already stretched IT teams, and often creating new security challenges.
In the new 2020 Remote Workforce Cybersecurity Report, Fortinet explores the challenges of remote working and how organizations of all sizes are planning to support the new normal. In fact, nearly a third of businesses who moved to a remote work model now say that at least half of their employees will continue to work remotely even after the pandemic has passed.
The Sudden Shift to Telework Was Challenging for Most Organizations
As expected, a rapid shift to a new work paradigm was not easy. Nearly two-thirds of businesses had to transition over half of their workforce to remote work practically overnight. And eighty-three percent of those organizations found this transition moderately, very, or extremely challenging. They faced the most significant difficulties when it came to secure connectivity, followed by business continuity assurance, and access to business-critical applications.
One of the challenges was that many did not have the security infrastructure in place to manage the volume of VPN connections that were suddenly required. Many traditional NGFW solutions were simply unable to scale as broadly as possible. And worse, they were unable to provide deep inspection of that VPN traffic without severely impacting the performance of business-critical applications and services.
This fact was not lost on cybercriminals, who were quick to target and exploit remote workers and their home networks to establish remote connections into corporate networks. Cyber adversaries – from opportunistic phishers to nation-state actors – found numerous ways to exploit the global pandemic, as seen in a recent FortiGuard Labs Global Threat Landscape Report. For example, the top exploits detected by globally deployed IPS sensors showed a shift in attacks away from traditional networking gear to consumer-grade routers and vulnerable systems deployed on home networks, such as DVRs.
And this attack strategy, one that relies on exploiting fears about the pandemic using targeted spam and phishing tactics, has been quite successful. 60% of organizations revealed an increase in cybersecurity breach attempts following their transition to a remote workforce, while 34% reported actual breaches in their networks.
Enterprises Must Adapt to Long-Term Secure Telework
Given these security challenges, which don’t show any signs of abating, security leaders must carefully consider what technologies and strategies are required to secure telework now and going forward. But what’s clear is that to ensure the protection of corporate data and assets, organizations must adapt their cybersecurity policies to account for the extension of the network perimeter to the home.
Almost all organizations surveyed expect to invest more to secure telework long-term, with 92% of enterprises expecting an increase in security budget for remote work security issues, and nearly 60% reporting that they will spend more than $250,000 in secure telework investments in the next 24 months. Moving forward, the majority of enterprises surveyed also intend to make previously unplanned upgrades to their existing systems to secure telework, as well as adding new technologies not previously in place. Here are three examples.
- VPN and Cloud Security: Nearly 50% of organizations have made new investments in VPN and cloud security technologies to ensure the protection of data on the corporate network and business-critical applications in the cloud.
- Skilled IT Workers: 40% of those surveyed also focused on hiring additional skilled IT workers to support the increased reliance on IT staff to enable security and productivity for employees working from home.
- Business Continuity Plans: Only 40% of organizations had a business continuity plan in place prior to the pandemic. But as a result of the pandemic and the rapid shift to remote work, 32% have now invested further in this area. These plans are critical in ensuring continued operations in times of crisis, and those that did not have one in place quickly recognized the need for one.
Additional Investment Areas To Maximize Secure Telework
While organizations have made improvements in securing their remote workforces, survey data reveals several areas that could be considered opportunities for improving secure remote connectivity. These areas include:
- Multi-factor Authentication (MFA) – While the survey revealed that 65% of organizations had some level of VPN solution in place pre-pandemic, only 37% of used multi-factor authentication (MFA). While VPNs play an important role in ensuring secure connectivity, they are simply one part of securing access. If not already in place, it is recommended that organizations consider integrating MFA into their remote security plans to prevent cybercriminals from spoofing remote workers to gain unauthorized access to network resources.
- Network Access Control (NAC) and Endpoint Security – As more employees now work remotely, organizations have had to address the challenge of controlling the influx of non-trusted devices on their networks. As a result, 76% of organizations plan to acquire or upgrade their NAC technologies. By adopting NAC solutions, IT teams gain increased visibility and control over the users and devices on their network. Going further, many organizations are also planning to leverage NAC as part of a more comprehensive zero-trust network access strategy so that access protections can be extended deep into the network.
Organizations also have concerns over the security of the endpoint devices being used by remote workers, and the risks they can introduce to the network once they have been given network access. Which is why 72% of organizations also plan to acquire or enhance endpoint security with endpoint detection and response (EDR) solutions. EDR solutions deliver advanced, real-time threat protection for endpoints both pre- and post-infection.
- Software-Defined Wide Area Networking (SD-WAN) for the Home: 64% of organizations plan to either upgrade or adopt SD-WAN specifically for the home office. The critical advantage of extending secure SD-WAN functionality to individual teleworkers, especially super users, is that they can enjoy on-demand remote access, secure WiFi for better home office flexibility, and dynamically scalable performance regardless of their local network availability through redundant connections leveraging things like LTE.
- Secure Access Service Edge (SASE) – SASE is an emerging enterprise strategy, but it is increasingly being seen as an opportunity to combine network and security functions with WAN capabilities to more fully support the dynamic, secure access needs of today’s organizations. Prior to the pandemic, 17% of organizations had already made investments in SASE, and an additional 16% have invested in SASE as a result of the pandemic. And now, 58% of organizations plan to invest in SASE to some degree going forward.
- Segmentation – Although there is no one definition of segmentation, traditional network-based segmentation strategies for example, stop at the edge of each network environment. Therefore, segmentation needs to evolve to adapt to the explosive adoption of IoT and mobile devices, as well as applications and services from multiple clouds, which are pushing the attack surface beyond the traditional network boundaries. 60% or organizations plan to upgrade or invest in segmentation, this is timely as networks invert and the perimeter extends into the home.
- Skilled Security Professionals – While 73% of organizations stated their intention to invest further in skilled IT workers in the next 24 months, the historical lack of skilled IT security professionals could present a challenge as accelerated cloud demand exacerbates shortage of cloud and security architects.
Securing Remote Connectivity Well into the Future
Now that organizations have made it through their initial transition to remote work, IT decision makers should pause and assess what worked and what didn’t along with planning for the additional investments to secure telework over the long-term. This starts with a clear-eyed understanding of what challenges they currently face, and may require the assistance of outside resources, such as those provided by the FortiGuard Labs team.
While the rapid pace of change being experienced by many organizations may seem daunting, a holistic cybersecurity strategy, such as one built around a security fabric approach, can help simplify planning and maximize investments that businesses are preparing to make. By implementing security solutions that work together, organizations can realize comprehensive visibility and control over their entire digital infrastructure—including expanding networks, increased reliance on applications, the expansion of multi-cloud strategies, and the growth of mobile environments. As a result, organizations can ensure secure, high-performance connectivity for any worker, from any location or device, now and into the future.
Read more about how Fortinet customers are maintaining business continuity at scale with integrated and secure Fortinet Teleworker solutions.
Copyright © 2020 IDG Communications, Inc.