New research shows almost three quarters of large businesses believe remote working policies introduced to help stop the spread of COVID-19 are making their companies more vulnerable to cyberattacks.
You need to take steps to protect the remote workforce
AT&T’s study of 800 cybersecurity professionals across the UK, France and Germany shows that while 88% initially felt well prepared for the migration, 55% now believe widespread remote working is making their companies more or much more vulnerable to cyberattacks. This figure jumps to 70% for large businesses with over 5,000 employees.
“Cybercriminals are opportunistic, taking advantage of the fear and uncertainty surrounding issues like the current global health and economic situation as well as sudden shifts and exposures in IT environments to launch attack campaigns,” said John Vladimir Slamecka, AT&T region president, EMEA. “It can be a challenge for IT organisations to stay on top of emergent threat activity in the wild.”
The biggest risk? Employees
Employees are the biggest risk identified by the cyber experts. The AT&T research points to a lack of awareness, apathy and/or reluctance to adapt to new technologies as the biggest challenge to implementing good cybersecurity practices within their business (31%). They report that 35% of employees are using devices for both work and personal uses, 24% are sharing or storing sensitive information in unsanctioned cloud applications, and 18% are sharing their work device with another family member.
While many businesses have introduced new cybersecurity measures to mitigate risks since the onset of COVID-19, a large minority have not taken basic steps to protect a suddenly remote workforce. 25% have not offered additional cybersecurity training for employees; 24% have not created secure gateways to applications hosted in the cloud or in a data centre; 22% have not increased endpoint security to protect laptops and mobile phones; and 17% have not implemented internet browsing protection from web-based threats.
Exploiting the fear and uncertainty
Cybercriminals are exploiting the fear and uncertainty surrounding COVID-19 and current economic concerns as topics for phishing and other fraud activities. Simultaneously, they are attempting to take advantage of the new remote workforces to launch attack campaigns. 44% of cybersecurity experts cite ransomware and/or malware attacks as their top security concern. Phishing (39%) and external threats such as nation-state attacks or hacking (39%) round off their top three concerns.
Faced with a multitude of urgent cyber risk and compliance challenges, cyber security experts are also gearing up for new innovations as a response to business conditions around COVID-19. 47% expect more digital transformation of business processes and cloud implementation in the year to come. 40% believe that their business will adopt new automation and robotic tools. For the largest businesses, those with more than 5,000 employees, 48% will be changing their technology partners in the next year.
“While many organisations had already supported some remote workers on a regular basis, the sudden increase has put stress on IT systems, processes, and teams,” said Slamecka. “Others have had to scramble to quickly roll out solutions focused on keeping their entire workforce connected and productive.
“In either case, sudden and unplanned changes in the way workers connect to the corporate network and access corporate data and applications in the data centre and cloud can introduce new cyber risks and vulnerabilities,” he adds. “This is the time to put robust security measures into place that will protect employees and companies for the opportunities and challenges of the future.”