Remote work opening “Pandora’s box” of security threats

Imperva exec says organisations are more vulnerable to complex cybersecurity risks

Posted 18 March 2021 by Christine Horton

The shift to full-time remote work has opened something of a Pandora’s box of security threats.

That’s according to Chris Waynforth, AVP Northern Europe at web security company, Imperva.

Waynforth believes organisations, both large and small, now find themselves more vulnerable than ever before to complex cybersecurity risks.

“The network perimeter that once protected employees working at physical sites is disappearing,” he said. “Employees working from home now often forgo connecting to a VPN. Many organisations have not adapted their security controls for this ‘new normal’ of work and are still relying on traditional methods to protect data. That approach has created security gaps, and motivated cybercriminals are taking advantage of it.”

Waynforth shared research from Imperva Research Labs into data leakage attacks that shows incidents where data is transmitted from an organisations’ corporate network to an external destination without authorisation jumped 93 percent in 2020.

“This a threat that is not going to slow down any time soon. In the first few days and weeks of January 2021, Imperva monitored single-day peaks for data leakage attacks at higher rates than any one day in 2020.”

Cloud security

In 2020 the Cloud Industry Forum (CIF) said 55 percent of UK firms have increased their cloud adoption as a direct result of COVID. However, Waynforth points out that cloud is not secure-by-design.

“Cloud offers operational efficiencies but is not an impenetrable fortress,” he said. “Organisations fool themselves into thinking that it’s the cloud service providers’ responsibility to secure the data they store, but that logic is indefensible.

“Through 2025, it’s believed that at least 95 percent of cloud security failures will be the fault of the company using the cloud service. In part, this is because IT is migrating data and systems to the cloud without consulting the IT Security team. Vulnerabilities and misconfigurations of cloud environments will become a greater source of data breach risk for organisations as they accelerate their adoption of cloud technology.

“Moving too quickly without addressing critical security issues upfront will only put businesses more at risk. Ultimately, it doesn’t matter how much money you save migrating to the cloud if you’re compelled to pay a costly fine in the future.”