The modern workforce has resulted in an increase in users, devices, and applications existing outside of controlled networks, including corporate networks. As a result, the business emphasis on the “network” has decreased and the reliance on the internet as the connective tissue for businesses has increased.
Leveraging the internet as a means of connectivity has greatly benefited businesses in regard to scalability, reliability, and user experience. It makes it possible for healthcare providers to continue treating patients via Zoom and enables teachers to create a virtual learning environment for their students. While the internet has helped enable the modern workforce, we must remember that it is an untrusted network. The significant expansion of its use has led to a correspondingly sizable expansion in attack surface as remote workers and network access solutions have become a popular target for cybercriminals to exploit. In a recent survey, 94 percent of businesses said they are aware that cybercriminals are specifically targeting VPNs and other network-centric technologies to gain access to their corporate networks (2021 VPN Risk Report), resulting in attacks such as VPN exploits, Sodinokibi, and the recent HAFNIUM MSFT Exchange attacks.