Surge in Remote Work Weakens Security Posture of Many U.S. Companies
Wednesday, October 21st, 2020
Businesses around the U.S. have experienced a significant and correlating spike in cyberattacks since remote work began in early 2020. Cybersecurity in the Remote Work Era: A Global Risk Report, sponsored by Keeper Security and conducted by The Ponemon Institute, surfaced and examined the most pertinent new challenges organizations today face in preventing, detecting and containing cybersecurity attacks in the colloquial "new normal."
A striking 63% of U.S. companies have seen an increase in phishing/social engineering during the pandemic, 52% noted a jump in credential theft and 50% reported a rise in incidences of account takeover. Damages or theft to IT infrastructure cost 41% of U.S. businesses to lose $5 million to $10 million or more in the last year. The study also revealed the three major contributing forces that have led to this stark rise in attacks:
- A glaring lack of training and guidance for employees working remotely
- An ill-equipped and overwhelmed IT security workforce
- And a massive surge in new technology being used to facilitate remote collaboration
"The abrupt and chaotic shift to remote work earlier this year rattled the status quo for companies in the U.S and around the world," said Darren Guccione, CEO and Co-Founder of Keeper Security. "Unfortunately, it was fairly easy to predict this global disruption becoming a colossal risk to cybersecurity. Our hope is that by shedding some light on the complexities of what's gone wrong, organizations will have some guidance and direction into how to strengthen approaches to security in the remote world."
Remote employees are major liabilities, but it's not entirely through a fault of their own
Following this monumental shift to remote work, 24% of respondents feel their organization has not provided any or adequate education regarding the security risks brought about by remote work. The study revealed more than half (53%) of organizations do not have a policy on the security requirements for remote employees.
The vast majority of the U.S. IT security pros (67%) believe remote employees' use of their own mobile devices to access business-critical applications and IT infrastructure has had a negative impact on their organization's security posture. Further illustrating the concern, 58% think smartphones represent their organization's most vulnerable endpoint. These risks are not exclusive to the U.S. More than 65% of organizations overseas believe the Bring Your Own Device trend has decreased their security posture.
Organizations fear a lack of control, but they feel helpless
Employers are at a loss. The inability to protect employees' devices and activity while they work from home is a major concern, and nearly half (45%) of IT admins expressed worry over the lack of physical security in remote workspaces. An additional 25% are anxious about their inability to secure communications on external networks, and 24% are concerned about the prospect of criminals taking advantage of this by gaining control of personal devices and stealing sensitive information.
Cybercriminals are clearly more than happy to add fuel to the pandemic fire, as half of organizations surveyed in the U.S, as well as 46% overseas, say they've experienced an attack that specifically leveraged COVID-19 as a threat vector.
"Cybercriminals are quick to exploit any vulnerability, and this year has exemplified that in a major way," said Dr. Larry Ponemon, chairman and founder, The Ponemon Institute. "Cybersecurity in the Remote Work Era: A Global Risk Report presents the perspective of just how universal threats, and the heightened sense of anxiety they induce, have become yet another discouraging side effect of the pandemic. The results truly conclude that prioritizing security should be at the top of the list as organizations continue to structure their remote work environments."
Uncover the research findings live with Dr. Larry Ponemon and Darren Guccione
Join renowned cybersecurity expert Dr. Eric Cole on Tuesday, Oct 13 at 1:00 PM CT, as he moderates a dynamic discussion with The Ponemon Institute's Dr. Larry Ponemon and Keeper Security CEO and Co-Founder Darren Guccione, as they unveil the U.S. results of "Cybersecurity in the Remote Work Era: A Global Risk Report", including:
- The effect of COVID-19 on cybersecurity posture
- The most common types of attacks faced in 2020
- The measures organizations need to plan to successfully mitigate a data breach
To download a copy of the Cybersecurity in the Remote Work Era: A Global Risk Report, please visit https://www.keepersecurity.com/ponemon2020.html. For more information on Keeper Security, please go to https://keepersecurity.com.