By Siddharth Deshpande, Field Chief Technology Officer, Palo Alto Networks, Asia Pacific and Japan

The COVID-19 pandemic triggered a sudden shift to remote work, and the percentage of employees working remotely jumped from 20% to 71%. There has also been a rapid uptick in demand for cloud services — organizations worldwide rapidly expanded their use of the cloud by more than 20% during this period. However, the surge in cloud adoption also coincided with a spike in cyberattacks over the past year.

In the most recent Cloud Threat 1H2021 report, Palo Alto Networks’ Unit 42 threat intelligence team analyzed data from hundreds of cloud accounts worldwide between October 2019 and February 2021 to understand the global impact of COVID-19 on the security posture of organizations. The data was captured from organizations and industries globally, including America, Europe, the Middle East, Africa, Japan, and Asia Pacific region. Moreover, it showed a correlation between increased cloud spending due to the pandemic and security incidents.

Organizations expanded their cloud workload deployments following the pandemic, but they also saw more security risks. Cloud security incidents in the retail, manufacturing, and government industries grew by 402%, 230%, and 205%, respectively. These industries were among those facing the pressure to adapt and scale in the face of the pandemic. Retailers needed new ways to quickly provide basic necessities, while manufacturing and government organizations had to deliver COVID-19 supplies and aid. Industries that play crucial roles in combating the pandemic continue to struggle to secure their cloud workloads, underscoring the danger of underinvesting in cloud security. Although cloud infrastructure allows businesses to expand their remote work capabilities quickly, automated security controls around DevOps and continuous integration/continuous delivery (CI/CD) pipelines often lag behind this rapid movement.

Palo Alto Networks discovers malicious scans on Microsoft Exchange 5 minutes after disclosure
Palo Alto Networks expands IoT security to healthcare to ensure patient data privacy

Many companies are still in the early stages of securing their Infrastructure as Code (IaC) environments. IaC templates allow DevOps teams to automate the deployment of cloud infrastructure to support cloud-native application environments. The IaC approach offers great scalability and agility to cloud workloads but requires a special focus on security considerations. Catching errors and security risks early on in the DevOps cycle, commonly referred to as “shift left security,” allows security teams to prevent errors in IaC templates from getting amplified in production cloud deployments.

Cryptojacking

Researchers also revealed significant increases in a wide variety of security risks during the pandemic, including unencrypted cloud data, exposure of cloud resources to public access, insecure port configurations, and more. These incidents underscore the failure of most organizations to scale cloud governance and security automation at the same rate that they scaled their cloud workloads.

On the other hand, researchers also noted clear correlations between public cloud crypto-jacking activity associated with Monero (XMR), a cryptocurrency that can be mined in the cloud, and events related to the pandemic. Mining connections also fluctuated in response to pandemic-related health, political and economic developments.

Organizations are also re-evaluating their strategies for security in their hybrid workforce. The hybrid workforce environment means having the same security capabilities irrespective of whether the employee is at a remote location or at the office/branch. In order to deliver on this vision, organizations need to move toward a gradual convergence of networking and security functions — also known as the secure access service edge (SASE) model.

SASE

According to the recently released State of Hybrid Workforce Security 2021 report, which analyzes the responses of over 3,000 enterprise information technology professionals involved in information security, network operations, and application development, 61% of organizations have struggled to provide the necessary remote security to support work-from-home capabilities, accelerating the critical need for Secure Access Service Edge (SASE) to improve the security, connectivity, and productivity for hybrid workers. Also, during the transition to remote work, 48% admitted to compromising security or increasing security risk through lax enforcement of security policies and/or “allowing employees more leeway than what was normally acceptable”.

In conclusion, increased cloud adoption and remote working does bring with it new types of risk. However, these trends do not inherently make an organization insecure if this risk is appropriately addressed. It is now more crucial than ever for enterprises to adopt security design models that help manage risk at scale while allowing the business to adapt to the new technology realities of the workplace. A viable strategy is to focus on partnering with external providers that can offer cloud security platforms with the widest coverage for threat scenarios, while simultaneously driving internal cultural change within the organization to make security a critical part of business efforts. The good news is that organizations do not need to rip and replace their existing infrastructure to support these objectives. A good security transformation strategy starts small, building on existing investments and working towards a longer-term vision.