Remote working cybersecurity has a big ‘flaw in the plan’

While spend on cybersecurity tech remains strong amid a budget freeze, organizations are overlooking a key cause of compromise: workers.
22 April 2020

It just takes a rogue click to bring down an organization. Source: Shutterstock

  • Spend on enterprise software is pulling back, but cybersecurity has been somewhat immune
  • Despite security drawing budgets, organizations are missing quick-wins in team-wide cybersec awareness

As software and solutions sales tumble as external spending budgets are shored up, the cybersecurity sector seems to be the only one still skimming any cream off the enterprise IT sector.

In an uncertain economy, investments in cybersecurity remain of tactical significance – as if the risks of going under weren’t enough, having sensitive client data breached because of an inadequately-secured ‘remote’ network compromise could well be irreparable damage at this point.

As such, investment in endpoint solutions that help protect now-remote workforces are vital.

A report by the IDC found that while two-thirds (67 percent) of CFOs plan to defer or cancel planned investments, when it comes to cybersecurity, just 2 percent of finance leaders want to cut spending.

And while investment in this area rattles on, businesses at large don’t seem to be upping their resources when it comes to general cybersecurity policy.

It’s a measure which, beyond the time spent researching, organizing it, and delivering it with aplomb, doesn’t carry any cost at all; and it’s also the area which, without any instruction, could undermine all that valuable spend earmarked for cybersecurity solutions.

All gear, no idea?

According to recent research by Promon, an Oslo-based cybersecurity company (which last year revealed flaws in the Home Office’s Brexit app), two-thirds of the UK’s newly-remote workforce claim to have not been given any cybersecurity training from employers within the past 12 months.

More than three-quarters (77 percent) aren’t worried about their cybersecurity while working remotely, despite a well-publicized spike in cybercrime since the Covid-19 lockdowns took effect.

With the majority of people now working remotely, Promon calls these statistics both ‘worrying’ and a ‘flaw in the plan’ for companies which have left themselves unprepared to manage the human factor of cybersecurity – the notion that regardless of measures in place, all it takes is one link clicked in a malicious email for serious damage to be inflicted on a corporate network (not to mention the individual’s own personal details being compromised).

This all comes in light of a report last year commissioned by the ICO found that human error was attributable to a shocking 90 percent of cyber data breaches throughout the year – and that’s just one of many such findings.

Right now, it’s also exacerbated by the use of personal devices – 61 percent of workers are doing so – which lack enterprise-grade security tools.

“It’s concerning to find that such a large number of workers don’t have the necessary training to spot a potential cyber threat, such as a phishing email or spoofed website, as these are the main ways in which cybercriminals are executing their attacks,” said Promon CTO and co-founder, Tom Lysemose Hansen.

“Organizations must ensure that staff who are working remotely are doing so in secure environments, whether that’s on personal or corporate devices, and it’s critical that they provide the necessary training and tools to ensure corporate data is protected.”

The findings by Promon are far from outliers, but the inaction by companies to address this awareness gap isn’t due to a lack of understanding of the problem among the organization’s leadership. Another study (carried out preceding the pandemic) by the Californian maker of hardware-encrypted USB drives Apricorn found that more than half (57 percent) of UK IT decision makers believe that remote workers will expose their organization to the risk of a data breach.

In 2019, 47 percen) admitted that their remote workers had already knowingly put corporate data at risk of a breach in the last year; this has now dropped slightly to 44 percent.

Apathy continues to be a major problem, with just over a third (34 percent) of IT leaders saying their remote workers simply don’t care about security.

While the current situation has laid bare the awareness problem, it’s crucial for business leaders to address it for the long term, particularly as more organizations are likely to embrace remote working style after the lockdowns are lifted and attacks become ever-more sophisticated and damaging in their nature.

“Remote working is not a new concept, but with so many employees now having had a taste for home working, it might be hard for businesses to put that particular lid back on – so they need to figure out where their vulnerabilities lie now, and address them,” said Jon Fielding, Apricorn’s Managing Director EMEA.

TechHQ recently explored three steps leaders can do in order to raise cyber awareness in their workplace with results.