Zscaler and Bitglass reports expose pandemic cyber security risks

Security has been a constant growth area for the channel over the past 18 months and there are indications in research published by Zscaler and Bitglass that customers continue to need help in securing their data.

Findings issued by cloud security player Zscaler have lifted the lid on how the coronavirus pandemic has impacted user attack surfaces, with the shift to remote working providing more targets for cyber criminals.

Research carried out by the firm between February 2020 and April 2021 found there were 202,000 common vulnerabilities in the attack surface of the 1,500 businesses surveyed, with 49% of those being classified as “critical” or “high” severity.

“The sheer amount of information that is being shared today is concerning because it is all essentially an attack surface,” said Nathan Howe, vice-president, emerging technology at Zscaler. “Anything that can be accessed can be exploited by unauthorised or malicious users, creating new risks for businesses that don’t have complete awareness and control of their network exposure.”

The firm also discovered that 400,000 servers could be found on the internet and were at risk, with 47% of the support tools that firms relied on being outdated and vulnerable.

“By understanding their individual attack surfaces and deploying appropriate security measures, including zero-trust architecture, companies can better protect their application infrastructure from recurring vulnerabilities that allow attackers to steal data, sabotage systems, or hold networks hostage for ransom,” said Howe.

At the same time, cloud security specialist Bitglass released a report highlighting how the bring-your-own-device (BYOD) issue continues to leave customers exposed to risk.

The conclusion of its 2021 BYOD Security report, which was a joint venture with Cybersecurity Insiders, was that BYOD was here to stay and many customers were struggling to get a grip on what devices were accessing the corporate network.

“As mobility and remote work environments keep growing, so do challenges, ranging from managing device access to handling urgent mobile security concerns,” said Holger Schulze, founder of Cybersecurity Insiders.

“Our research uncovered a plethora of evidence that shows organisations are not paying enough attention to securing unmanaged personal devices and why now is the time for them to think differently when it comes to securing BYOD.”

Echoing the Zscaler research, Bitglass’ report showed there were signs that outdated and limited tools were being used to try to keep threats at bay, with 41% of organisations using endpoint malware protection for staff-owned devices, which was described as a “far from ideal” approach. More worryingly, 30% of those quizzed indicated they had no malware protection for BYOD.

Anurag Kahol, CTO at Bitglass, said conversations needed to be initiated now with customers to ensure data was secure as businesses exited the pandemic.

“As enterprises begin to shift to hybrid work environments, personal devices will provide the flexibility and remote access that employees require,” he said. “This new way of working, however, will undoubtedly stretch the resources of security teams.

“This is why there has never been a more important time for enterprises to seriously rethink their approach and secure all forms of communication among users, devices, apps or web destinations.”