KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Shikha Porwal and Matthias Reinwarth have a coffee conversation over the security risks of working remotely. They talk through the vulnerabilities of a home network, and touch base with the pandemic related end point security threats, employee behavior and finally, Zero trust.
Shikha Porwal and Matthias Reinwarth have a coffee conversation over the security risks of working remotely. They talk through the vulnerabilities of a home network, and touch base with the pandemic related end point security threats, employee behavior and finally, Zero trust.
Matthias Reinwarth and Christopher Schütze talk about how to efficiently identify and rate your investments into Cybersecurity.
The outbreak of the COVID-19 pandemic has served as a catalyst for digitization in many companies and led to an increase in remote work and adoption of the bring your own device (BYOD) policy. Every device and digital service that employees use is a potential gateway into company networks and thus poses a security risk. The risks are magnified even more when privileged accounts enter the equation because they enable access to critical data. Given the immediacy and speed with which companies had to shift from office to remote work, security concerns were often neglected leading to an increase in successful cyberattacks.
Facing this situation of increased risks and attack vectors, companies need to have foolproof security in place to keep their data safe and secure. IT teams should start with the very basics such as giving the company staff cybersecurity awareness trainings and monitoring remote access. While it has become a well-known fact that Privileged Access Management (PAM) is an integral part of cybersecurity in modern companies, Secure Compliance Management (SCM) and User Behaviour Analytics (UBA) perhaps have not been given proper attention in the security world yet.
Matthias is joined by cybersecurity expert Warwick Ashford to unravel the complexities surrounding Remote Desktop Protocol (RDP) security in the face of rising ransomware attacks. The discussion initiates with an overview of RDP's functionality and its indispensable role in modern businesses. They delve into the reasons behind RDP's susceptibility to cyber-attacks, accentuated by the remote work surge during the pandemic. The conversation takes a critical turn as it explores the precarious balance of remote accessibility and security, highlighting frequent oversights in RDP implementation.
Warwick sheds light on the alarming trend of RDP credential sales on the dark web, outlining the severe repercussions for lax security measures. The dialogue then shifts to pragmatic strategies, emphasizing the non-negotiables in RDP security protocols that companies must adopt. Reinforcing the concept of Zero Trust, Warwick advocates for its integration to enhance RDP security frameworks. The episode concludes with a forward-looking perspective, contemplating the evolution of remote access technologies and preemptive measures businesses must consider to thwart emerging cyber threats.
Cybersecurity is one of the areas where virtually every business will need to invest because of ever-growing cyber risks and ever-tightening regulations, and in the post-Covid era, the cybsersecurity market continues to evolve and grow, having gained even greater importance. Warwick Ashford joins Matthias to discuss the factors driving the trends in this market and what businesses should be considering when making cybersecurity investments.
The path toward a Zero Trust architecture to improve cybersecurity for modern enterprises in a hybrid IT landscape often seems overly complex and burdensome. Alexei Balaganski is this week's chat partner for Matthias and he draws attention to an often overlooked benefit of such an infrastructure. One key idea of Zero Trust is to actually reduce complexity and unnecessary effort and instead focus on what really needs to be protected.
Matthias Reinwarth and Martin Kuppinger dispel a few myths about Zero Trust.
The way people are working has changed fundamentally. Cybersecurity is even more essential than before. Martin Kuppinger, Principal Analyst at KuppingerCole, will look at the factors that drive the relevance of cybersecurity, but also change the way cybersecurity is done right. He then will look at the trends in cybersecurity and how new technologies and methods help in mitigating cyber risks and improving cyber attack resilience. This includes looking at the impact of Work from Home, changing attack vectors, or the impact of AI on cybersecurity, and discussing what new technologies such as SOAR and Cyber Ranges can provide for getting better in cybersecurity. He also will look at the need for doing a thorough cybersecurity portfolio assessment, to optimize spending and getting a grip on the zoo of cybersecurity tools most businesses already have to pay for and to manage.
Matthias Reinwarth and Alexei Balaganski look at the potential alternatives to VPNs and security gateways.
Matthias Reinwarth and Martin Kuppinger are discussing the security challenges enterprises are now facing with the majority of employees working from home.
Welcome to the KuppingerCole analyst chat. I'm your host. My name is Mathias Reinwarth. I'm a lead advisor and senior analyst at KuppingerCole analysts. My guest today is Shikha Porwal. She is an advisor with KuppingerCole usually working out of Frankfort Germany. Hi Shikha. Hi Matthias. Thank you so much for having me Great to have you. And when I say that you are usually working out of Franklin, you are doing what many of our colleagues do, because on the one hand, we are really a, an organization that is really international and spread around the world.
So we have John working from Seattle and we have Graham working from Brisbane and Paul will be with me next week. He's working out of London.
Um, where are you right now? Right Now?
I'm, I'm in the middle east. I'm working from Byron as all of us. A lot of us have now moved, uh, for a long time to work from home. And so I'm here right now in the middle east, enjoying the hot sun, right? So you are working from home and this is the third episode in a series of episodes that are circling around the topic of cyber security and the cyber security threat landscape in a working from home scenario. So that fits nicely in there. So happy to have you for this episode, Annie and I, we did the first two episodes in the series, so let's dig a bit deeper into that topic.
So when we were talking about home network, that could be any type of network. It's not necessarily home. It could be something like a shared office or an office space in general, but it could be also the usual home network. So we're talking about security about the cyber security threat landscape. So what would be the vulnerabilities of a home network?
Well, Mathias, when we talk about, uh, the vulnerabilities of home network, especially during the pandemic that there are countless of them and the reason being, uh, we are connecting a lot of our personal, as well as other devices to the enterprise network. Now, the enterprise network being your company's network, or for example, a school's network or that of a hospital. So in that sense, these devices do not have proper firewalls or do not have any antivirus services or probably they do have that, but it's not updated and they're using default passwords that can easily be compromised.
So in that sense, when we talk about vulnerabilities from home network, it is basically sort of a lot of devices that are now outside the hardened or the defined perimeter of the security. So we have like a security per meter, but now there are many other, uh, items or end points that get added to this it ecosystem, but that actually outside the security perimeter.
So when we go into details of vulnerabilities, they're just endless, there could be a lot of different technologies and applications that have been downloaded, which do not have adequate safeguards or do not have proper instructions from the ID team. And a lot of boards are risky that a lot of services that are exposed on the internet facing assets and unpatched VPNs.
So due to the increase of endpoints that are many vulnerabilities, that for example, that the ones I mentioned have, have come up Right, and many security experts including us already have claimed before that, that actually, um, is no longer this well-defined perimeter for an organization. And I think the pandemic has clearly shown that this is really true and it has dramatically shown that organizations and people need to adapt to that very quickly.
Um, are there any, any figures that you see from the experience, um, and from research that proves that attacks have increased in overtime? Um, Annie mentioned some of those already, but when it comes to people really working from home using, I don't know, remote services, is there anything that you would like to point out where really there is proof for this trend of, um, vulnerabilities being also exploited? Yes. Yes. There's so many researchers and so many, uh, uh, trends that we have seen.
And the research that we did because of the whole bring your own device environment that has come up during the pandemic. One of the example is, uh, what we see as an attack or breach of the remote desktop protocols, um, as a technology, which is also one of the biggest endpoint security vendors actually saw that the number of attacks per day, via RDP draws from 65,000 a day in December of 2019 to 1100 thousand per day by may of 2020.
So this is just one example of showing how, just because the shift has been from normal everyday work in my mental, uh, home environment, the shift has caused so much vulnerability, even in 2020, a study of the us health care organization found out that 49% of the devices, laptops, or other devices to the employers and the healthcare work had risky ports and services exposed to a lot of other endpoint vulnerabilities. And when we talk of healthcare data, this is really like a goal in mind for cybercriminals to use it against the organization or the government or the country.
So in that sense, increased use of VPNs in many ways. Many studies have shown has increased security challenges for all of us, Right? While VPNs are not the easiest thing to use and are not really convenient and come with more or less bad user experience, that it's really something that offers room for improvement and offers room for security improvement. We've been talking about the traditional end point device though. That would be the, the laptop, the home computer that would be maybe some tablet or such type of things.
If you think of other devices, IOT devices, um, do they also contribute to the increase in cyber attacks? Are there other devices we should look at? Of course, any device, any device that our home appliances that are many other, uh, devices of phone, for example, especially you, a lot of them who are doing remote schooling has resulted in higher risk of unintentionally downloading malicious software as well.
So it just does not come to laptops or tablets, but also this cannot be extended for example, to printers also, which do not have up-to-date browsers plugins or PDF viewers, even the office tools might not be as per the security measures and the installation of a lot of these new applications to support work from home has resulted in a lot of vulnerabilities. And what happens is these points lead to a lot of data leakage, which has been more challenging to handle in 2020 in comparison to 2019.
So this is, this is also come up in a lot of surveys where it professionals have stated that employees working remotely or other people using more IOT devices, it could be children, it could be, anyone has really increased the whole vulnerability to data leakage or incidents of data leakage. Okay.
Um, this is episode 70 something of this podcast and then a very, very early episode in, in, in March or April, I assume I did together with Martin Kuppinger our colleague. We talked about how we could, um, work towards getting more of an awareness in our, in our employees and how we could change the rules for using these devices to ensure a secure and safe use of home devices in a corporate environment. What has been the impact since then on employee behavior, on security policies, on the way that people use their home network for accessing corporate systems? Are there changes some visible?
Yeah, definitely. There's a lot of data in order to support this, uh, statement of yours Mathias, a lot, many corporate security policies in 2020 has put more emphasis on securing the employees work from home and environment. And even the NISD has acknowledged that the increase in IOT devices in a company's ID system brings more security challenges. A lot of data has shown for example, a report, uh, in the U S said that 23% of employees do not know what security settings or products are installed on the devices they're using for work.
And I'm talking about almost 50% of the people who responded to these surveys actually have never even done work from home before. So if the, do not know if the security settings properly, they might not use the security functionalities to their full, full potential. And even another survey said that around 54% of the employees do seek workarounds. If security policies prevent them from actually accomplishing their tasks.
And here, I would say Mathias, even some of us have faced these kinds of challenges and that we are unable to accomplish a task. And for a second mind think of a workaround. So this is something I think all of us are familiar with that has even been warnings that say that there could be a risk of intentional insider threat, just because an employee resents, um, pandemic related layer, for example, which could be one of the biggest reasons to do so.
So yes, um, in that sense, you can see a lot of employee behavior making or increasing the risk of, uh, security during the pandemic, Right? But that would be really deliberately. So convening, um, some, some orders, some best practices, some security measures that are in place. There is on the other hand, the threat of people doing something, um, that they actually did not want to do and did not expect to do so I'm talking about phishing. So they click on a link without doing this with this disrespect ground, the malicious attack comes from the outside. So is there a rise there as well?
Is this still the case now more than one year into the pandemic, Of course, uh, fishing, especially targeted fishing has risen highly. I do not have the exact numbers on those, but we see a trend that all the malicious actors, or how to say cyber criminals are easily able to adapt to this new para-dime of work from home and increase in IOT devices. It's like a gold mine for them. But what happens is on the other hand, employees are under a lot of emotional stress.
This could be due to the pandemic due to work from home or losing their jobs, but for X and Y reasons they're more susceptible to phishing and business, email compromise, and hence spirit fishing is one of the most prolific social engineering method, especially when you see in 2020. And this has been magnified, especially by the wealth of personal information available online, typically from social media.
So yes, targeted fishing and fishing in general has increased a lot during the last one year, Right? One measure that we at KuppingerCole have in place that our colleagues are really monitoring very closely. These types of males that come in that look very, very closely like a male that could be sent from the inside or actually sent from the outside.
There, there are names from colleagues in there. And please click on that because your colleague AE wants to have you confirm this or read that document that is really going on. And our colleagues are on top of what the automatic mechanisms already provide when it comes to identifying malware within males and unusual links within males, they are adding another layer of, of human experience to say, okay, take care of, there is a new wave of a spare fishing males coming in. What else can a company do to prepare itself, to face such disruption? Monte has such disruptions.
I think this is a whole huge social experiment of moving into a remote work environments, but moving to cloud. And in general, you, uh, being able to work from home is something which already, uh, the market has realizing. And everyone at in an enterprise or an organization is realizing that it is increasing from day to day. And for that, although there is no clear single framework that out a few organizations that have tried to deal with cyber security concern and want to do that in the future. And I think the best way forward is to mitigate risk.
Remote working arrangement has forced the forms to undergo a lot of cloud transformation and a lot of ID practices that exist has made a challenging to support employee productivity, because they also do not want to compromise on security, but I would say one such approach is the zero trust model, uh, which operates on the principle of never trust and always verify since zero trust model offers the more scalable access management infrastructure for managing network resources. Um, COVID-19 has pushed most of the forms to actually adopt a zero trust security model.
However, when we talk about the migration towards zero trust model, there are a lot of challenges and a lot of, uh, forms of identifying identity and access management as one of the major challenges. So a lot of work to be done on the fundamentals. So to say the prerequisites of doodle trust by any enterprise that wants to adapt to it, but having a pet in meter less. So to say security architecture is something that zero trust can assure.
And I feel that this model is something that can actually help the enterprise get rid of a lot of these risks and vulnerabilities or reduce them to a very minimum level. Absolutely. And when you say that zero trust relies very much on, um, on a well-executed identity and access management, I think that is very true.
Of course, identity and access management is very close to my heart and to my experience of my professional life and these strong and reliable identities are at the core of zero trust because it does not mean that you don't not trust anything. That's not zero trust. It's you only trust in very basic, very, um, strong and reliable, um, aspects and that our device identities that our personal identities and that our service identities. So this triangle always make sure that there is a proper communication and you have something that you can verify all the time.
That would be one approach to protect the systems. Also in this work from home scenario, because every connection is encrypted and every connection is trusted because verified, do you have any recommendations where our audience could have a look at when it comes to learning more about this topic of protecting their own organization? There's something at KuppingerCole dot com that you would recommend where to start? What would be a starting point here?
Well, the best way for our audience to find out about zero trust is actually go to our website and go to the research section just by typing zero trust. You will find a sea of resources that whose heading would actually lead you to what you're looking for. And you could actually get started on that. And it's just not based on theory, but also events and as well as trends related to security and zero trust. So it's a well thought through a resource section for our avid listeners and readers. Perfect. Thank you very much.
And, uh, as this is the third episode in a series of podcasts around this working from home cyber security landscape, we will pick up another topic next week, Paul Fisher, and I will do that and we will look at what you've mentioned already. We will look at privileged access management, you and Annie, um, provided the groundwork so that we can build upon that. And there will be surely more episodes around that working from home cybersecurity topic on top of that, um, for the time being, thank you very much, um, Shika for being my guest today.
And I'm looking forward to having you as a guest very soon. Thank you, Mathias. It was my pleasure. It's nice talking to You and my pleasure and great to have you on board at KuppingerCole.
So, bye.
Thank you. Bye-bye
