Technologies implemented during the pandemic caused increased cyber attacks
Cyber-attacks increased tremendously in the last 24 months, especially when the pandemic forced most companies to switch to remote working. Despite the ability of most to adapt quickly, many organizations overlooked cybersecurity protection.
When remote work kicked in, most companies were quick to provide their employees with devices that were not fully secured. Some employees were even told to use their own devices for work. This was partly because many thought remote working would only last a couple of weeks, but it was then extended for much longer periods.
Despite some companies requesting their employees to return to work, many are still working remotely. For IT teams, securing the remote workforce means installing security protection remotely as well. This included having employees download security and remote working software on their own, which in turn can lead to security vulnerabilities.
According to data from Beyond Boundaries: The Future of Cybersecurity in the New World of Work, 72% of UK organizations reported cyberattacks that are attributed to vulnerabilities in technology that were put in place during the pandemic, while another 68% suffered attacks that targeted remote workers.
The study was conducted by Forrester Consulting on behalf of Tenable on more than 1,300 security leaders, business executives, and remote employees, including 168 respondents in the UK.
While the pandemic continues to show uncertainties, more organizations are looking to make remote work or hybrid work the new normal of employment. In fact, 70% of UK organizations now support remote employees, compared to 31% before the pandemic, while 86% plan to permanently adopt a remote working policy or have already done so. But embracing this new world of work has opened organizations to new and unmanaged cyber risk.
Reducing cyber-attacks by securing both the hybrid and remote workforce
The study showed that only 48% of UK organizations are adequately prepared to support hybrid working models from a security standpoint. The result is that 78% of security and business leaders believe their organization is more exposed to cyber-attacks as a result of remote work.
The use of personal devices for work, not taking security seriously, unsecured network access, and a lack of visibility by employers are some of the reasons that are exposing employees to cyberattacks.
For David Cummins, VP of EMEA, Tenable, the rapid adoption of technology to support a hybrid working model and moving business-critical functions to the cloud were a necessity driven by circumstance.
“The reality has seen the corporate attack surface explode, with many organizations still struggling to understand and address the risks introduced. Managing the plethora of technologies is now necessary to ensure enterprises aren’t left vulnerable and susceptible to cyber-attacks.”
Despite the increase in cloud adoption for critical systems, many remote employees are still not fully secured as 80% of security leaders believe it only increased the organization’s exposure to cyber-attacks.
With 46% of organizations moving business-critical functions to the cloud, including accounting and finance (42%) and human resources (33%), security leaders are still not convinced that remote working employees are fully secured.
To make matters more concerning, 90% of organizations experienced a business-impacting cyberattack in the last 12 months, with 51% falling victim to three or more.
In the Asia Pacific, the top five cyber threats highlighted included ransomware, watering hole attacks, advanced persistent threats, malicious insiders, and fileless attacks. For infrastructures, malicious and negligent insiders, as well as cloud computing infrastructure providers and organizational misalignment, were the top cyber risks, according to findings from Trend Micro’s Biannual Cyber Risk Index report.
According to Amit Yoran, CEO at Tenable, with remote and hybrid work strategies here to stay, the risks they introduce will also be there unless organizations get a handle on what their new attack surface looks like.
“This study reveals two paths forward — one riddled with unmanaged risk and unrelenting cyberattacks and another that accelerates business productivity and operations in a secure way. CISOs and CEOs have the opportunity and responsibility to securely harness the power of technology and manage cyber risk for the new world of work.”
As such, security professionals want organizations to increase network security investments, with 75% hoping to see it in the next 12 to 24 months. The majority of them want to see increase security spending on cloud security and vulnerability management. An improve security may just enable businesses to secure their employees, regardless of if they are working remotely or on a hybrid work model. This also enables a company to plan both short- and long-term business strategies.