The increase in the use of cloud services as a result of organisations and their employees shifting to remote work because of the COVID-19 pandemic is leaving corporate networks exposed to cyberattacks.
Many businesses had to swiftly introduce working from home at the start of the pandemic, with employees becoming reliant on cloud services including Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs) and application suites like Microsoft Office 365 or Google Workspace.
While this allowed employees to continue doing their jobs outside the traditional corporate network, it has also increased the potential attack surface for cyber criminals. Malicious hackers are able to exploit the reduced level of monitoring activity, while successfully compromising the credentials used to remotely log in to cloud services provides a stealthy route into corporate environments.
Cybersecurity researchers at security company Zscaler analysed the networks of 1,500 companies and found hundreds of thousands of vulnerabilities in the form of 392,298 exposed servers, 214,230 exposed ports and 60,572 exposed cloud instances – all of which can be discovered on the internet. Zscaler claimed the biggest companies have an average of 468 servers exposed, while large companies have 209 at risk.
The researchers defined 'exposed' as something that anyone can connect to if they discover the services – including remote and cloud services. Organisations are likely to be unaware that these services are exposed to the internet in the first place.
In addition to this, researchers discovered unpatched systems with 202,000 Common Vulnerabilities and Exposures (CVEs), an average of 135 per organisation, with almost half classified as 'Critical' or 'High' severity.
It's possible that cyber criminals will be able to discover and exploit these vulnerabilities in order to enter corporate networks and lay the foundations for cyberattacks including data theft, ransomware and other malware campaigns.
"The sheer amount of information that is being shared today is concerning because it is all essentially an attack surface. Anything that can be accessed can be exploited by unauthorised or malicious users, creating new risks for businesses that don't have complete awareness and control of their network exposure," said Nathan Howe, vice president for emerging technology at Zscaler.
While an increased attack surface can impact organisations of all sizes, international and large employers are the most at risk, due to their number of employees and a distributed workforce.
A global workforce may also make it more difficult to detect anomalous activity because the company is used to employees accessing the network from around the world, so a malicious intruder may not be immediately obvious.
But it's possible to take steps to reduce the attack surface – and the potential risk to the organisation as a result. Zscaler recommends three steps for minimising corporate network risk.
The first is to know your network – by being aware of what applications and services are in use, it's easier to mitigate risk. The second is to know your potential vulnerabilities – researchers recommend that information security teams stay informed about the latest vulnerabilities and the patches that can be applied to counter them.
The third thing organisations should do is adopt practices that minimise risk and act as a deterrent to cyber criminals. For example, secure login credentials for cloud services with multi-factor authentication, so in the event of a username and password being breached, it isn't as simple for criminals to actually access accounts and services.
"By understanding their individual attack surfaces and deploying appropriate security measures, including zero trust architecture, companies can better protect their application infrastructure from recurring vulnerabilities that allow attackers to steal data, sabotage systems, or hold networks hostage for ransom," said Howe.