Decentralized Security Creates More Risk
CF: Does decentralized security create more vulnerabilities and, therefore, opportunities for cybercriminals? Can you give some examples?
SH: Every year, Verizon releases its Data Security Report that presents an average time to detect at 200-plus days. A third party often discovers the attack before the victim organization. Smaller companies take as much as four times that average to detect these threats. This speaks to the complexity of environments these businesses are expected to protect and the prevalence of security gaps within that environment.
As COVID-19 made work from home (WFH) the norm overnight, VPN and RDP connections became a prime target for hackers trying to exploit poorly protected users connecting from outside the protected network. Without the endpoint informing the network of an active infection, and having that network act to prevent a further connection from that endpoint, these remote channels could essentially let an attacker through the front door.
