Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable 블로그

구독

Protecting the Atomized Attack Surface: Cybersecurity in the New World of Work

A new study reveals how moving to a remote workforce model and migrating business-critical functions to the cloud are exposing the vast majority of organizations to increased risk.

The next 18 months are going to test the mettle of cybersecurity organizations around the globe like never before.

The attack surface has been atomized by systems put in place to support remote work in response to the COVID-19 pandemic, all of which are well on their way to becoming permanent fixtures as the boundaries between office and home blur. The SolarWinds and Kaseya attacks heighten concerns about the integrity of the software supply chain. And the cloud is no longer optional — it's a crucial enabler of critical business functions in a workplace without boundaries.

What does all this mean for security leaders? We believe it represents an opportunity to rethink what's considered an "asset" and how a "vulnerability" is defined — and how to improve visibility into both — all while keeping employees productive and safe. It places renewed emphasis on the need to align cybersecurity with business practices.

A new study, Beyond Boundaries: The Future of Cybersecurity in the New World of Work, commissioned by Tenable and conducted by Forrester Consulting reveals that adjustments organizations made to adapt during the pandemic have heightened their level of risk. And it provides a sometimes alarming glimpse into what's happening on the average home network.The study is based on the results of an online survey of 426 security leaders, 422 business executives, and 479 remote workers across 10 countries (i.e., full-time employees working three or more days from home), as well as in-depth telephonic interviews with six business and security executives.

According to the study, 80% of security and business leaders indicate their organizations have more exposure to risk today as a result of moving to a remote workforce model and migrating business-critical functions to the cloud. We believe many of the remote work and cloud tools were pressed into service without security controls; in some cases, the tools themselves are nascent and their security controls are immature.

It's already well past time for infosec leaders to strategically re-evaluate the systems put into place to accommodate these changes with an eye toward making their security as dynamic as the workplace itself. Already, nearly a quarter (24%) of business and security leaders have made the move to remote work permanent; another 68% say they'll make it official over the next two years.

Expanding the software supply chain is likewise seen as a vector of increased risk for 61% of respondents. We believe any software expansion borne of necessity and spun up in haste is more likely to lack robust third-party security controls.

And the consequences for businesses are real. According to the study:

  • 92% of organizations experienced a business-impacting cyberattack or compromise within the past 12 months resulting in one or more of the following outcomes: a loss of customer, employee, or other confidential data; interruption of day-to-day operations; ransomware payout; financial loss or theft; and/or theft of intellectual property. 

  • More than two thirds of respondents (67%) say these attacks targeted remote workers.

  • The vast majority (74%) said at least one attack resulted from vulnerabilities in systems put in place in response to the COVID-19 pandemic.

  • Nearly three quarters (70%) were victims of three or more attacks. 


Meanwhile, the perimeter between the home network and the corporate network is dissolving. Not only are remote workers accessing sensitive corporate data from home, they're often doing so using a personal device. According to the study, over half of remote workers acknowledge accessing customer data using a personal device. When you consider remote workers have an average of eight devices connecting to their home network — including employer-provisioned devices, personal devices, appliances, wearables and gaming systems — and, on average, have three people in their household with devices connecting to the same home network, the challenges facing security leaders becomes stark.

Connecting from home is one thing; connecting from personal devices on an overtaxed consumer-grade home network without any corporate security controls is entirely another.

These findings make clear how little visibility organizations have into what's happening in their environments: 71% of security leaders say they lack high or complete visibility into remote employee home networks; 64% lack this level of visibility into remote employee-owned devices. With privacy expectations for employees naturally limiting any view employers can have into a home network, it becomes clear that security protections need to reside as close as possible to business-critical data and the assets used to access it. In short: If you can't understand the device and network, you need to control the access a user has.

While the challenges may seem daunting, the path forward is hiding in plain sight. Organizations must rethink how they define risk, looking beyond software flaws and device compliance to achieve a holistic view of their dynamic and disparate environments. They must invest in adaptive user and data risk profiles to disrupt attack paths by accounting for misconfigurations in Active Directory and the cloud and step up security based on changing conditions, behaviors or locations. And they must take a hard look at the limits of traditional, perimeter-based security architectures, to consider more sophisticated options that continuously monitor and verify every attempt to request access to corporate data at all levels, whether that's a device, app, user, or network attempting to make that connection. For some, this may mean a reckoning with their own cyber hygiene and vulnerability management practices; for others, it could present an opportunity to shift toward risk-based vulnerability management and continuous monitoring of Active Directory as a strategy for effectively disrupting attack paths; and, for the most advanced organizations, it could mean taking the first steps on a journey toward zero trust.

Whichever path you choose, the study makes one thing clear: business and security leaders must work together to find new ways to protect sensitive data in the new world of work.

자세히 알아보기

관련 기사

최신 익스플로잇에 대해 취약합니까?

이메일을 입력하여 최신 사이버 노출 알림을 받으십시오.

tenable.io

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오.

Tenable.io Vulnerability Management 평가판에는 Tenable Lumin, Tenable.io Web Application Scanning 및 Tenable.cs Cloud Security도 포함되어 있습니다.

tenable.io 구매

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오. 지금 연간 구독을 구매하십시오.

65 자산

구독 옵션 선택:

지금 구매

Nessus Professional 무료로 사용해 보기

7일간 무료

Nessus®는 오늘날 시장에서 가장 포괄적인 취약성 스캐너입니다. Nessus Professional은 취약성 스캔 프로세스를 자동화하고 컴플라이언스 주기에서 시간을 절약하고 IT 팀이 참여할 수 있도록 합니다.

Nessus Professional 구매

Nessus®는 오늘날 시장에서 가장 포괄적인 취약성 스캐너입니다. Nessus Professional은 취약성 스캔 프로세스를 자동화하고 컴플라이언스 주기에서 시간을 절약하고 IT 팀이 참여할 수 있도록 합니다.

여러 해 라이선스를 구매하여 절감하십시오. 연중무휴 전화, 커뮤니티 및 채팅 지원에 액세스하려면 Advanced 지원을 추가하십시오.

라이선스 선택

여러 해 라이선스를 구매하여 절감하십시오.

지원 및 교육 추가

Tenable.io

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오.

Tenable.io Vulnerability Management 평가판에는 Tenable Lumin, Tenable.io Web Application Scanning 및 Tenable.cs Cloud Security도 포함되어 있습니다.

Tenable.io 구매

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오. 지금 연간 구독을 구매하십시오.

65 자산

구독 옵션 선택:

지금 구매

Tenable.io Web Application Scanning 사용해 보기

Tenable.io 플랫폼의 일부로 최신 애플리케이션을 위해 설계된 최신 웹 애플리케이션 스캐닝 서비스에 대한 전체 액세스 권한을 누리십시오. 많은 수작업이나 중요한 웹 애플리케이션 중단 없이, 높은 정확도로 전체 온라인 포트폴리오의 취약성을 안전하게 스캔합니다. 지금 등록하십시오.

Tenable Web Application Scanning 평가판에는 Tenable.io Vulnerability Management, Tenable Lumin 및 Tenable.cs Cloud Security도 포함되어 있습니다.

Tenable.io Web Application Scanning 구매

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오. 지금 연간 구독을 구매하십시오.

5 FQDN

$3,578

지금 구매

Tenable.io Container Security 사용해 보기

취약성 관리 플랫폼에 통합된 유일한 컨테이너 보안 서비스에 대한 전체 액세스 권한을 누리십시오. 컨테이너 이미지에서 취약성, 맬웨어 및 정책 위반을 모니터링합니다. 지속적 통합 및 지속적 배포(CI/CD) 시스템과 통합하여 DevOps 실무를 지원하고 보안을 강화하고 기업 정책 컴플라이언스를 지원합니다.

Tenable.io Container Security 구매

Tenable.io Container Security는 빌드 프로세스와의 통합을 통해 취약성, 맬웨어, 정책 위반 등 컨테이너 이미지의 보안에 대한 가시성을 제공하여 DevOps 프로세스를 원활하고 안전하게 지원합니다.

Tenable Lumin 사용해 보기

Tenable Lumin을 사용하여 Cyber Exposure를 시각화 및 탐색하고 시간 경과에 따른 위험 감소를 추적하고 유사한 조직을 벤치마크하십시오.

Tenable Lumin 평가판에는 Tenable.io Vulnerability Management, Tenable.io Web Application Scanning 및 Tenable.cs Cloud Security도 포함되어 있습니다.

Tenable Lumin 구매

조직 전체에서 인사이트를 얻고 사이버 위험을 관리하는 데 Lumin이 어떻게 도움이 되는지 알아보려면 영업 담당자에게 문의하십시오.

Tenable.cs 사용해 보기

클라우드 인프라 구성 오류를 감지 및 수정하고 런타임 취약성을 볼 수 있는 전체 액세스 권한을 누리십시오. 지금 무료 평가판에 등록하십시오.

Tenable.cs Cloud Security 평가판에는 Tenable.io Vulnerability Management, Tenable Lumin 및 Tenable.io Web Application Scanning도 포함되어 있습니다.

영업 담당자에게 연락하여 Tenable.cs 구매

영업 담당자에게 연락하여 Tenable.cs 클라우드 보안에 대해 자세히 알아보고, 클라우드 계정을 온보딩하는 것이 얼마나 쉬운지 확인하고, 몇 분 내에 클라우드 구성 오류와 취약성에 대한 가시성을 얻으십시오.

Nessus Expert 무료로 사용해 보기

7일간 무료

최신 공격 표면을 방어하기 위해 구축된 Nessus Expert를 사용하면 IT부터 클라우드까지, 더 많은 것을 모니터링하고 조직을 취약성으로부터 보호할 수 있습니다.

Nessus Professional이 이미 있습니까?
7일간 Nessus Expert로 무료 업그레이드하십시오.

Nessus Expert 구매

최신 공격 표면을 방어하기 위해 구축된 Nessus Expert를 사용하면 IT부터 클라우드까지, 더 많은 것을 모니터링하고 조직을 취약성으로부터 보호할 수 있습니다.

라이선스 선택

프로모션 가격이 2월 28일까지 연장되었습니다.
여러 해 라이선스를 구매하여 비용을 더 절감하십시오.

지원 및 교육 추가