IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months when more employees are often traveling or working remotely, according to ThreatX.
With more endpoints and applications in use, often personal rather than corporate-issued, the risk to corporate data may increase. Given that APIs are the driving force behind these connections, the study reinforces the need to prioritize API and application security.
ThreatX surveyed 2,000 consumers across the US and UK to assess whether employees’ behaviors during the summer are inadvertently increasing API and application risk. 55% of employees admit to relying solely on their mobile devices while working from vacation and holiday destinations in the summer. Further, 25% claim that they aren’t concerned about ensuring network connections are secure when accessing company data, and only 12% use a VPN when traveling and working remotely.
The results show that employees increasingly rely on personal devices to access corporate data during the summer, which could open the door to cyber criminals seeking to penetrate corporate networks. And with 38% of respondents neglecting to notify their employers when working from new locations while traveling, it becomes harder for IT teams to monitor BYOD policies and application usage.
“The summer months lead to increased cybersecurity risks as employees’ behaviors shift and as cyber hygiene becomes laxer. Factors such as increased remote work and travel, and even employees’ children using parents’ devices to browse the internet and play games, all can potentially expose corporate data through attacked APIs,” said Jeremy Ventura, Director, Security Strategy & Field CISO at ThreatX.
“To avoid this, it’s important organizations strengthen the visibility and security by tracking, monitoring, and uncovering vulnerable API and applications,” Ventura added.
Younger employees are most likely to use mobile devices for work
When traveling or working remotely, 67% of Millennial employees (compared to 55% overall) said they depend on their personal mobile devices to work. This signals that the younger generations, who make up the largest percentage of today’s workforce, are increasingly relying on their personal mobile devices to work, which poses more risk to an organization’s security.
Organizations need summer security trainings
45% of employees in the US and UK said that no specific measures are taken during the summer to educate and remind employees about security best practices, with only 24% of UK respondents receiving access to online cybersecurity trainings and guides, and even fewer (17%) in the US.
US and UK employees have very similar summer behaviors
Both admitted to using public or local WiFi or cellular data most (51% in US, 47% in UK) when working from different locations, and both were only somewhat concerned about the security risks of doing so when accessing corporate data (34% in US, 36% in UK).
The findings from ThreatX’s survey highlight a cybersecurity gap with potentially harmful ramifications during summer work months. The zero-day attack on Zellis by way of the MOVEit file transfer tool over Memorial Day Weekend is just one example of the ways in which bad actors attack organizations during holiday and summer months as security resources soften.
Enterprises need to prevent future breaches via vulnerable APIs by implementing enhanced security measures that deploy always-on threat monitoring for suspicious activity, and by developing a security best practice guide that’s regularly updated, instilling a heightened awareness of threats during summer months.