Businesses around the U.S. have experienced a significant and correlating spike in cyberattacks since remote work began in early 2020. Cybersecurity in the Remote Work Era: A Global Risk Report, sponsored by Keeper Security and conducted by The Ponemon Institute, surfaced and examined the most pertinent new challenges organizations today face in preventing, detecting and containing cybersecurity attacks in the colloquial “new normal.”
63% of U.S. companies have seen an increase in phishing/social engineering during the pandemic; 52% noted a jump in credential theft and 50% reported a rise in incidences of account takeover. Damages or theft to IT infrastructure cost 41% of U.S. businesses to lose $5 million to $10 million or more in the last year. The study also revealed the three major contributing forces that have led to this stark rise in attacks:
- A lack of training and guidance for employees working remotely,
- An ill-equipped and overwhelmed IT security workforce,
- And a surge in new technology being used to facilitate remote collaboration.
Remote employees are major liabilities, but it’s not entirely through a fault of their own
Following this monumental shift to remote work, 24% of respondents feel their organization has not provided any or adequate education regarding the security risks brought about by remote work. The study revealed more than half (53%) of organizations do not have a policy on the security requirements for remote employees.
The vast majority of the U.S. IT security pros (67%) believe remote employees’ use of their own mobile devices to access business-critical applications and IT infrastructure has had a negative impact on their organization’s security posture. Further illustrating the concern, 58% think smartphones represent their organization’s most vulnerable endpoint. These risks are not exclusive to the U.S. More than 65% of organizations overseas believe the Bring Your Own Device trend has decreased their security posture.
Organizations fear a lack of control, but they feel helpless
Employers are at a loss. The inability to protect employees’ devices and activity while they work from home is a major concern, and nearly half (45%) of IT admins expressed worry over the lack of physical security in remote workspaces. An additional 25% are anxious about their inability to secure communications on external networks, and 24% are concerned about the prospect of criminals taking advantage of this by gaining control of personal devices and stealing sensitive information.
Cybercriminals are clearly more than happy to add fuel to the pandemic fire, as half of organizations surveyed in the U.S, as well as 46% overseas, say they’ve experienced an attack that specifically leveraged COVID-19 as a threat vector.
“Cybercriminals are quick to exploit any vulnerability, and this year has exemplified that in a major way,” said Dr. Larry Ponemon, chairman and founder, The Ponemon Institute. “Cybersecurity in the Remote Work Era: A Global Risk Report presents the perspective of just how universal threats, and the heightened sense of anxiety they induce, have become yet another discouraging side effect of the pandemic. The results truly conclude that prioritizing security should be at the top of the list as organizations continue to structure their remote work environments.”