VMware Cybersecurity Threat Survey: It’s time to Rationalize Enterprise Security Planning and Security Deployment
If you felt internet is a safe haven — think again… We are living in dangerous times as far as internet networking-related cyber-attacks are concerned. While reading and researching through recent reports on cybersecurity trends in the US, I already came across at least 10+ instances of a massive data breach and ransomware attacks. In fact, this week, global IT jobs and staffing company Collabera has been repeatedly hit by the Maze ransomware, jeopardizing employee identity data and other critical information. And, sadly, Collabera isn’t the only company on RADAR of Cybersecurity Threat. According to VMware’s latest survey on Cybersecurity Threat incidents, 97 percent of the USA organizations have reportedly suffered a data breach in the past 12 months. Nearly every second company has faced a cyber attack between 3 or more than 10 times!
What’s the Cost of a Cybersecurity Threat or Attack?
Cisco found out that 53% of ransomware attacks resulted in damages worth $500k or more.
However, the global economy has yet come to real terms of what ransomware attack damage may actually stand at, in 2020. Some speculate it’s a multi-billion dollar “dark economy”.
To find out the true impact of cyber attacks and how these affect enterprises, VMware surveyed 250 US-based CIOs, CTOs and CISOs. VMware Carbon Black published its first USA Threat Report as part of a global effort to prompt a concerted alliance in fighting cybercrimes. In the US alone, investments have grown significantly to secure enterprise network and IT infrastructure, with an average of 9 or more cybersecurity tools already deployed in the company.
However, we should ask a question or two on Cybersecurity Threat Intelligence?
- Are cyber threat intelligence tools really effective against security breaches?
- Can they differentiate between the traditional ransomware and the new strains of ransomware?
To find the answers, we need to understand the level of risk every enterprise is facing today.
VMware found out 97% of the respondents have met a security breach in the last 12 months, at an average 2.70 breaches during that time. But, that’s not the most worrisome trend.
Almost 84% of the attacks originated from unknown sources using sophisticated methodologies that any tool failed to detect in advance. These statistics have forced enterprise customers to not only increase their IT security and infrastructure management budget, but also look out for vendors and MSPs that can provide predictive analytics on security vulnerabilities.
What are the Risk Zones from Cybersecurity Threat?
According to the VMware USA Threat report, these were the most common causes of IT breaches —
- Networks (Almost 50%)
- OS risks (27%)
- Web applications (13.5%)
- Ransomware (13%)
A Dubious Pattern in Cyberattacks Targeting “Work From Home” population
The COVID-19 pandemic has forced almost every business to move to ‘work from home’.
A lack of communication between customers, prospects, partners, service providers and employees has enhanced the surface of cyberattacks. Remote workplace management has resulted in a massive gap in security risk preparedness and disaster recovery planning. VMware’s USA Threat report highlights as much as 26% of respondents felt a definite relation between remote working and serious attacks targeting their operations.
As a result of work from home in the last 3 months, 88% of the North American survey respondents found a varying level of cybersecurity attacks from a COVID-19 malware or phishing.
It’s clear that extended enterprise is under a serious attack from applications and websites.
Rick McElroy, Cyber Security Strategist at VMware Carbon Black, said “Island-hopping is having an increasing breach impact with 11% of survey respondents citing it as the main cause. Siloed, hard-to-manage environments hand the advantage to attackers from the start. Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. As the cyber threat landscape reaches saturation, it is time for rationalization, strategic thinking and clarity over security deployment.”
So, what are the biggest threats?
- COVID-19 Malware (89%)
- Missing multifactor authentication (MFA) (32%)
- Lack of communications resulting in gaps in Disaster Planning and Recovering management (83%)
- Lack of visibility into current and future IT challenges, exposing unknown security gap (63%)
- Risks directly related to COVID-19 have also quickly emerged, the survey found. This includes rises in COVID-19 malware which was seen by 89% of U.S. respondents.
We are already into the second half of the year– and the rate at which cyberattacks are targeting enterprise infrastructure, we might see more billions lost to dark web players and ransomware artists. If CISOs seriously look into their SecOps, we might see a large group of IT customers reducing their “Security sprawl” and optimizing their IT security with relevant products, agents, and interfaces deployed across an organization.
Simplified SecOps with real-time reporting is what most CIOs and CISOs would be looking at to fight Cybersecurity Threat and the COVID-10 malware attacks.
Currently, VMware software powers the world’s complex digital infrastructure. The company’s cloud, app modernization, networking, security, and digital workspace offerings help customers deliver any application on any cloud across any device.
Recently, VMware partnered with NVIDIA to bolster its GPU virtualization offering.