Jonathan Tomek, VP of Research and Development, Digital Envoy
The breadth and impact of cyberattacks on businesses are phenomenal. In the first quarter of 2022 alone, there were a total of 75,099,482 breached records globally, driven by a surge in remote working that has seen a lasting shift in the requirements of organisations’ digital infrastructure. Data breaches caused by remote working cost $137,000 on average, and cybersecurity professionals have their work cut out in a rapidly evolving, high-risk landscape. Before Covid-19, a fifth of cyberattacks used previously unseen malware or methods. This proportion grew to 35% in the pandemic, with new attacks using the latest technologies to bypass cybersecurity measures.
Alongside this, as the devastating scenes continue to unfold in Ukraine, Russia’s cyber warfare arsenal is growing in size. The threat of cyberattack against civil infrastructure is constant and serious, with an alert shared by the Federal Cybersecurity and Infrastructure Security Agency (CISA) advising companies to “be prepared, enhance your organisation’s security posture, and increase organisational vigilance.”
Identifying and preparing for these threats is mission critical for businesses, with potential ramifications affecting a company’s productivity, reputation, and bottom line.
Is the uptick in VPN usage opening the door to threat actors?
As users adopt the latest technologies, cybercriminals find new avenues to exploit them and gain illicit access to organisations’ networks or individual users’ accounts. Virtual private networks (VPNs) are one key example of this, as they can help fraudsters anonymise themselves and obscure their actions.
Many companies use VPNs for a host of benefits, including giving remote staff access to company IT, minimising how much information is exposed to public Wi-Fi networks, and safeguarding personal data. The pandemic helped kickstart an estimated threefold increase in the value of the global VPN market, which is expected to rise from $25 billion in 2019 to more than $75 billion by 2027.
Individuals are also fuelling this growth and adopting VPNs for personal use. Over three-quarters of VPN users purchase digital content every month, such as streamed music and video, as these can often be restricted depending on a user’s region. The rising use of VPN technology, however, can compromise cybersecurity efforts because threat actors also leverage proxies to hide their activity.
If a remote member of staff accesses their company’s infrastructure using a personal router, but also uses a VPN to stream digital content, then this can make it challenging for IT professionals to distinguish between benign VPN users and genuine threats. As a result, there is a risk that customers or staff are flagged as bad actors while cybercriminals remain undetected.
Weeding out the root of cybercrime with IP address intelligence
To navigate this situation, organisations must find solutions that enable them to discern cybersecurity threats from non-malicious individuals using a VPN. Decision makers can then establish protocols to prevent cybercrime and gather post-action analytics to continuously improve their procedures.
Front-end online security systems, for example, can be fortified with proxy and VPN indicators, which offer additional context around where online traffic originates. IT teams can then automatically identify suspicious IP addresses and prevent them from accessing a company’s service or network, as well as use variable fraud alerts to separate threats and authentic activity more easily. If cybersecurity professionals know that IP addresses associated with VPN providers in a specific location are high risk, for instance, they can ensure their systems flag this attribute immediately, allowing them to investigate further.
The effectiveness of this approach, however, depends on the accuracy of the available data. Data sources can be drastically different in terms of reliability, so security operators must be careful to select data providers that tap quality sources and guarantee information is up to date and highly accurate. Organisations from a variety of sectors can take advantage of this to shore up their cybersecurity measures. For example, a company offering eCommerce services can use proxy and VPN indicators to set up automated verification procedures for consumer IP addresses. Businesses with a significant remote workforce, meanwhile, can use address-based VPN data to filter out commercial VPNs potentially hiding malicious activities from authentic and trusted VPNs.
It’s also worth noting the value location data adds from a web application firewall (WAF) perspective. Cloud providers want control and visibility when it comes to managing traffic from various locations – particularly suspect regions. If a business knows no employees or trusted individuals should access their systems from a specific region, then IP address location data offers much-needed insight. By first flagging traffic by location of origin, administrators can then process it according to their own authentication rules, such as invoking additional multi-factor authentication steps.
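A sketch of the decision logic the preceding three paragraphs describe, combining a VPN/proxy indicator, location of origin and data freshness into an access decision. This is an added example, not Digital Envoy's code or data schema; the record fields, action names, the `ZZ` placeholder country and the 30-day freshness threshold are all assumptions.

```python
import ipaddress

# Constructed IP-intelligence records (RFC 5737 documentation ranges).
# Field names and values are assumptions for this sketch, not a vendor schema.
INTEL = [
    ("192.0.2.0/25",    {"proxy": "corporate_vpn",  "country": "GB", "age_days": 1}),
    ("192.0.2.128/25",  {"proxy": "commercial_vpn", "country": "GB", "age_days": 2}),
    ("198.51.100.0/24", {"proxy": "commercial_vpn", "country": "ZZ", "age_days": 3}),
    ("203.0.113.0/24",  {"proxy": None,             "country": "ZZ", "age_days": 1}),
    ("203.0.113.64/26", {"proxy": "commercial_vpn", "country": "GB", "age_days": 90}),
]
EXPECTED_COUNTRIES = {"GB"}   # where staff are expected to connect from (assumed)
MAX_AGE_DAYS = 30             # older records are treated as unknown (assumed)

def lookup(ip):
    """Longest-prefix match so a specific range overrides its parent block."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(cidr), rec) for cidr, rec in INTEL
            if addr in ipaddress.ip_network(cidr)]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def decide(ip):
    """Return (action, reason) for a login attempt from `ip`."""
    rec = lookup(ip)
    if rec is None or rec["age_days"] > MAX_AGE_DAYS:
        # Missing or stale data is not evidence either way: challenge the user.
        return ("step_up_mfa", "no fresh intelligence for this address")
    in_region = rec["country"] in EXPECTED_COUNTRIES
    if rec["proxy"] == "corporate_vpn":
        return ("allow", "trusted corporate VPN egress")
    if rec["proxy"] == "commercial_vpn":
        if in_region:
            # Likely a benign user on a consumer VPN: challenge, do not block.
            return ("step_up_mfa", "commercial VPN in expected region")
        return ("hold_for_review", "commercial VPN in unexpected region")
    if not in_region:
        return ("step_up_mfa", "direct connection from unexpected region")
    return ("allow", "direct connection from expected region")

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.200", "198.51.100.7", "203.0.113.70"):
        print(ip, *decide(ip))
```

Returning a reason with every action gives the post-action analytics something to aggregate when the thresholds are tuned.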
With over 70% of IT professionals expecting to rely more on third-party vendors for their cybersecurity needs in 2022, it is important to select trusted partners that can address emerging threats. Four in five IT professionals are planning to invest more in cybersecurity, and one-quarter of these intend to increase budgets by up to 50%. As the nature of cybercrime continues to adapt to new technologies, it’s clear that businesses are searching for stronger defences for their digital infrastructure.
Being able to use proxy and VPN intelligence to identify and investigate suspicious activity empowers IT professionals to effectively respond to the latest cyberattacks, safeguard their networks, and significantly minimise the risk of data breaches.