
Tenable Blog


Protecting the Atomized Attack Surface: Cybersecurity in the New World of Work

A new study reveals how moving to a remote workforce model and migrating business-critical functions to the cloud are exposing the vast majority of organizations to increased risk.

The next 18 months are going to test the mettle of cybersecurity organizations around the globe like never before.

The attack surface has been atomized by systems put in place to support remote work in response to the COVID-19 pandemic, all of which are well on their way to becoming permanent fixtures as the boundaries between office and home blur. The SolarWinds and Kaseya attacks heighten concerns about the integrity of the software supply chain. And the cloud is no longer optional — it's a crucial enabler of critical business functions in a workplace without boundaries.

What does all this mean for security leaders? We believe it represents an opportunity to rethink what's considered an "asset" and how a "vulnerability" is defined — and how to improve visibility into both — all while keeping employees productive and safe. It places renewed emphasis on the need to align cybersecurity with business practices.

A new study, Beyond Boundaries: The Future of Cybersecurity in the New World of Work, commissioned by Tenable and conducted by Forrester Consulting, reveals that adjustments organizations made to adapt during the pandemic have heightened their level of risk. And it provides a sometimes alarming glimpse into what's happening on the average home network. The study is based on the results of an online survey of 426 security leaders, 422 business executives, and 479 remote workers (i.e., full-time employees working three or more days from home) across 10 countries, as well as in-depth telephonic interviews with six business and security executives.

According to the study, 80% of security and business leaders indicate their organizations have more exposure to risk today as a result of moving to a remote workforce model and migrating business-critical functions to the cloud. We believe many of the remote work and cloud tools were pressed into service without security controls; in some cases, the tools themselves are nascent and their security controls are immature.

It's already well past time for infosec leaders to strategically re-evaluate the systems put into place to accommodate these changes with an eye toward making their security as dynamic as the workplace itself. Already, nearly a quarter (24%) of business and security leaders have made the move to remote work permanent; another 68% say they'll make it official over the next two years.

Expanding the software supply chain is likewise seen as a vector of increased risk for 61% of respondents. We believe any software expansion borne of necessity and spun up in haste is more likely to lack robust third-party security controls.

And the consequences for businesses are real. According to the study:

  • 92% of organizations experienced a business-impacting cyberattack or compromise within the past 12 months resulting in one or more of the following outcomes: a loss of customer, employee, or other confidential data; interruption of day-to-day operations; ransomware payout; financial loss or theft; and/or theft of intellectual property. 

  • More than two thirds of respondents (67%) say these attacks targeted remote workers.

  • The vast majority (74%) said at least one attack resulted from vulnerabilities in systems put in place in response to the COVID-19 pandemic.

  • Nearly three quarters (70%) were victims of three or more attacks. 


Meanwhile, the perimeter between the home network and the corporate network is dissolving. Not only are remote workers accessing sensitive corporate data from home, they're often doing so using a personal device. According to the study, over half of remote workers acknowledge accessing customer data using a personal device. When you consider that remote workers have an average of eight devices connecting to their home network (including employer-provisioned devices, personal devices, appliances, wearables and gaming systems) and, on average, have three people in their household with devices connecting to the same home network, the challenges facing security leaders become stark.

Connecting from home is one thing; connecting from personal devices on an overtaxed consumer-grade home network without any corporate security controls is entirely another.

These findings make clear how little visibility organizations have into what's happening in their environments: 71% of security leaders say they lack high or complete visibility into remote employee home networks; 64% lack this level of visibility into remote employee-owned devices. With privacy expectations for employees naturally limiting any view employers can have into a home network, it becomes clear that security protections need to reside as close as possible to business-critical data and the assets used to access it. In short: If you can't understand the device and network, you need to control the access a user has.

While the challenges may seem daunting, the path forward is hiding in plain sight. Organizations must rethink how they define risk, looking beyond software flaws and device compliance to achieve a holistic view of their dynamic and disparate environments. They must invest in adaptive user and data risk profiles to disrupt attack paths by accounting for misconfigurations in Active Directory and the cloud and step up security based on changing conditions, behaviors or locations. And they must take a hard look at the limits of traditional, perimeter-based security architectures, to consider more sophisticated options that continuously monitor and verify every attempt to request access to corporate data at all levels, whether that's a device, app, user, or network attempting to make that connection. For some, this may mean a reckoning with their own cyber hygiene and vulnerability management practices; for others, it could present an opportunity to shift toward risk-based vulnerability management and continuous monitoring of Active Directory as a strategy for effectively disrupting attack paths; and, for the most advanced organizations, it could mean taking the first steps on a journey toward zero trust.

Whichever path you choose, the study makes one thing clear: business and security leaders must work together to find new ways to protect sensitive data in the new world of work.
