Organisations Face Increased Risks As Threat Actors Target Remote Access Tools And Edge Devices

A recent report, 2025 Predictions, by Arctic Wolf Labs, noted a significant increase in business risk in 2025 as threat actors ramped up their targeting of edge devices and remote access tools. Let’s unpack this prediction and outline their suggestions to help mitigate this kind of attack.

The Changing Face of the Perimeter

In cybersecurity, a layered defence strategy—where multiple security measures work together—has long been a standard approach for protecting enterprise networks. This has never been more important, as we see what was once a well-defined perimeter now becoming more complex, making it increasingly difficult to defend against sophisticated attacks.

Remote Work and New Attack Vectors

Today’s network perimeters are no longer just firewalls and VPNs; they now encompass a broad range of devices and services, from IoT devices and cloud services to customer-facing applications. This transformation has expanded the attack surface significantly, presenting new avenues for cybercriminals. As organisations continue to embrace hybrid and remote work models, their security requirements are evolving to meet new demands, including the use of VPN gateways and Zero Trust Network Access (ZTNA).

Even as some workers return to office settings, the prevalence of remote work remains high, pushing organisations to strengthen their perimeter defences. However, this has also opened up opportunities for attackers to exploit weaknesses in critical tools, such as VPN gateways. While VPNs are essential for remote access, their implementation and configurations are frequently targeted by cybercriminals looking for vulnerabilities to exploit.

The Growing Attack Surface: More Devices, More Risk

With the increasing reliance on edge and OT devices—like IP cameras, industrial IoT gateways, and medical devices—comes a greater risk of misconfigurations or overlooked vulnerabilities. These devices, often overlooked in traditional security models, can be compromised by attackers seeking a foothold into corporate networks. Every new device added to the network increases the potential for breaches if not properly secured and monitored – ideally with a strong Threat Detection and Response Solution.

Exploiting Remote Access Tools

Threat actors have adapted to these changes by focusing on the tools businesses rely on to support remote work. VPN gateways, which enable employees to access networks from remote locations, have become a prime target. A recent wave of attacks targeted vulnerabilities in VPN systems, underscoring the importance of staying vigilant with regular patching and updates – but also highlighting the need for continuous and effective monitoring and visibility into what is happening on the network, so if a breach does occur, it can be addressed swiftly.

Credential Theft and Access Abuse

A significant vulnerability in many organisations is the reliance on user credentials, which are often targeted in phishing and credential theft attacks. Once compromised, these credentials can give attackers access to sensitive environments, potentially enabling ransomware deployment or data exfiltration. The speed at which attackers can move from initial access to exploitation is staggering – often just hours. The ability to quickly identify unusual behaviour, privilege elevation or lateral movement is essential to stop an attack in its tracks.
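One way to turn the point above into a detection rule, as an added example that is not from the Arctic Wolf report or from Seccom Global: it flags a VPN login from a source address the user has not used before when that session then reaches several distinct internal hosts within a few hours. The log format, host names, addresses, baseline and thresholds are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real logs. Fields: time kind user src dst
SAMPLE_LOG = """\
2025-01-06T08:02:11 vpn_login alice 203.0.113.10 vpn-gw
2025-01-06T08:05:40 conn alice 10.8.0.21 fileserver01
2025-01-06T02:14:55 vpn_login bob 198.51.100.77 vpn-gw
2025-01-06T02:20:10 conn bob 10.8.0.35 fileserver01
2025-01-06T02:31:42 conn bob 10.8.0.35 dc01
2025-01-06T03:05:09 conn bob 10.8.0.35 backup01
2025-01-06T09:12:00 vpn_login carol 192.0.2.200 vpn-gw
2025-01-06T09:15:30 conn carol 10.8.0.40 intranet
"""
# Assumed baseline of source addresses previously seen per user (constructed).
KNOWN_SOURCES = {
    "alice": {"203.0.113.10"},
    "bob": {"192.0.2.44"},
    "carol": {"192.0.2.45"},
}

def parse(log):
    """Yield (time, kind, user, src, dst) tuples from whitespace-separated lines."""
    for line in log.strip().splitlines():
        ts, kind, user, src, dst = line.split()
        yield datetime.fromisoformat(ts), kind, user, src, dst

def detect(log, known_sources, window=timedelta(hours=4), fanout=3):
    """Alert when a VPN login from an unfamiliar source is followed, inside
    `window`, by connections to `fanout` distinct internal hosts."""
    watched = {}  # user -> (login time, source address, internal hosts reached)
    alerts = []
    for ts, kind, user, src, dst in sorted(parse(log)):
        if kind == "vpn_login":
            if src in known_sources.get(user, set()):
                watched.pop(user, None)      # familiar source: stop watching
            else:
                watched[user] = (ts, src, set())
        elif kind == "conn" and user in watched:
            start, origin, hosts = watched[user]
            if ts - start <= window and dst not in hosts:
                hosts.add(dst)
                if len(hosts) == fanout:     # fire once, at the threshold
                    alerts.append({
                        "user": user,
                        "source": origin,
                        "hosts": sorted(hosts),
                        "minutes_to_fanout": int((ts - start).total_seconds() // 60),
                    })
    return alerts
```

On the constructed sample only bob's session is reported: carol also logs in from an unfamiliar address but reaches a single host, which stays below the fan-out threshold.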

A Broader Threat to Industries

Although all industries are at risk, certain sectors have seen more targeted attacks. Arctic Wolf’s report states that manufacturing, in particular, has been disproportionately affected. In fact, data showed that 44% of all cases investigated were in manufacturing, illustrating that cybercriminals are homing in on these industries.

No Organisation is Safe

Even so, no organisation is immune from these threats, regardless of industry or size. Even smaller companies with limited security budgets are vulnerable to opportunistic attacks, such as ransomware campaigns targeting businesses with less robust network defences. This trend has been particularly evident in 2024, with smaller businesses becoming prime targets for cybercriminals looking for easy access.

Key Recommendations for Strengthening Security

To mitigate the growing risks, organisations should consider the following strategies:

  1. Enhance Visibility: Ensure that all network and endpoint activity is tracked. This will help detect intrusions early, as indicators of compromise can be elusive. A good XDR solution is key to enabling this.
  2. Credential Management: Educate employees on best practices for credential hygiene and consider subscribing to threat intelligence services that monitor credential leaks.
  3. Network Segmentation: Limit the impact of compromised accounts by segmenting your network. By isolating critical assets and creating micro-perimeters, organisations can prevent unauthorised users from accessing sensitive systems.
  4. Vulnerability Management: Develop a robust vulnerability management program that prioritises timely remediation of vulnerabilities and includes continuous monitoring.
  5. IoT Security: Pay extra attention to the security of Internet of Things (IoT) devices. These often lack strong security features and can be forgotten after installation, leaving them open to attack.

If you are seeking guidance on how to implement any of the above, or looking for a robust all-in-one Managed Threat Detection and Response solution encompassing Endpoint, Network, OT Environments, Cloud Environments, Identity and User Behaviour Monitoring or Dark Web Monitoring, then speak to the Seccom Global team today about our suite of cost-effective security solutions!
