Cyber attacks increased tremendously in the last 24 months, especially when the pandemic forced most companies to switch to remote work. Despite the ability of most companies to adapt quickly to remote work, many organizations overlooked their cybersecurity protection when allowing their employees to work remotely.
When remote working kicked in, most companies were quick to provide their employees with devices that were not fully secured. Some employees were even told to use their own devices for work. This was partly because many thought remote working would only last a couple of weeks, but it was then extended for much lengthier periods.
Despite some companies requesting their employees to return to work, many are still working fully remote or splitting their time between the workplace and remote locations. For IT teams, securing the remote workforce means installing security protection offsite as well. This sometimes meant having employees download security and remote working software on their own, which in turn can lead to security vulnerabilities.
According to data from Beyond Boundaries: The Future of Cybersecurity in the New World of Work, 72% of UK organizations reported cyber attacks that are attributed to vulnerabilities in technology that were put in place during the pandemic, while another 68% suffered incidents that targeted remote workers.
The study conducted by Forrester Consulting on behalf of Tenable concentrated on more than 1,300 security leaders, business executives, and remote employees, including 168 respondents in the UK.
While the pandemic continues to show uncertainties, more organizations are looking to make remote work or hybrid work the new normal of employment. In fact, 70% of UK organizations now support remote employees, compared to 31% before the pandemic, while 86% plan to permanently adopt a remote working policy or have already done so. But embracing this new world of work has opened organizations to new and unmanaged cyber risk.
Cutting cyber attacks by securing both hybrid and remote workforce
The study showed that less than half (48%) of UK organizations are adequately prepared to support hybrid working models from a security standpoint. The result is that 78% of security and business leaders believe their organization is more exposed to cyber-attacks as a result of remote work.
The use of personal devices for work, not taking security seriously, unsecured network access, and a lack of visibility by employers are some of the reasons that are exposing employees to cyberattacks.
Despite the increase in cloud adoption for critical systems, many remote employees are still not fully secured — instead 80% of security leaders believe it only increased the organization’s exposure to cyber-attacks. With 46% of organizations moving business-critical functions to the cloud, including accounting and finance (42%) and human resources (33%), security heads are still not convinced that remote working employees are fully secured.
To make matters more concerning, 90% of organizations experienced a business-impacting cyberattack in the last 12 months, with 51% falling victim to three or more. According to Amit Yoran, CEO at Tenable, with remote and hybrid work strategies here to stay, the risks they introduce will also be there unless organizations get a handle on what their new attack surface looks like.
“This study reveals two paths forward — one riddled with unmanaged risk and unrelenting cyberattacks and another that accelerates business productivity and operations in a secure way. CISOs and CEOs have the opportunity and responsibility to securely harness the power of technology and manage cyber risk for the new world of work.”
As such, security professionals want organizations to increase network security investments, with 75% hoping to see it in the next 12 to 24 months. The majority of them want to see increase security spending on cloud security and vulnerability management. An improved security posture may just enable businesses to protect their employees, regardless if they are working remotely or on a hybrid work model. This puts a company in a much surer place to plan both short- and long-term business strategies.
For David Cummins, VP of EMEA, Tenable, the rapid adoption of technology to support hybrid working and moving business-critical functions to the cloud was a necessity driven by circumstance. “The reality has seen the corporate attack surface explode, with many organizations still struggling to understand and address the risks introduced. Managing the plethora of technologies is now necessary to ensure enterprises aren’t left vulnerable and susceptible to cyber-attacks.”