Poor remote endpoint visibility puts organizations at risk
Most organizations have a severe lack of visibility into remote endpoints according to a new report, which poses additional risks as more people work from home.
In addition, few have a way to stop ransomware from spreading throughout their network after an initial breach, according to the study from zero trust specialist Illumio.
The survey of IT professionals at 344 mid- to large-sized corporations finds that 59 percent of respondents are unable to see attempted connections to work laptops from other devices on the local home network. In addition 45 percent have limited visibility beyond the VPN, while 26 percent rely on their endpoint detection and response (EDR) tools to see traffic and connections on local home networks.
VPN still plays a major role in network security with 90 percent of respondents requiring employees to use a VPN at least some of the time.
"Since the VPN cannot see home network traffic, respondents assume the visibility they get from a VPN is sufficient, when, in fact, it leaves them blind to the environment that work devices are actually running in," says Matthew Glenn, senior vice president of product management at Illumio. "Devices on home networks are vulnerable to peer-to-peer and lateral attacks from unwitting family members. These vulnerable endpoints risk exposing an entire organization to systemic risk, even while workers are connected over a VPN. Once employees begin returning to the office, connecting potentially compromised devices to the corporate network will pose an even greater threat."
Zero trust technologies continue to gain traction, but most organizations have not yet deployed them to proactively contain lateral movement or the spread of ransomware, leaving the business vulnerable to new or modified threats.
The report also shows IT teams prioritized cybersecurity spending in 2021 but were most likely to spend less on firewalls (30 percent), Wi-Fi technology (26 percent), and network access control (25 percent).
The full report is available from the Illumio site.