Woman typing on laptop showing cyber risks from remote workers during pandemic

Cyber Risks From Technology Adopted During Pandemic Responsible for 74% Of Attacks on 94% Of Businesses in Past 12 Months

A Tenable commissioned study found that most (94%) organizations suffered a cyber attack in the past 12 months.

Almost three-quarters of the businesses attributed these cyber attacks to vulnerabilities in technology put in place during the pandemic.

The new security challenges emerged as businesses were expanding the new world of work to allow workers to remain productive during the pandemic.

The data is drawn from a study conducted by Forrester Consulting on behalf of Tenable. The study, which revealed the increasing cyber risks as a result of remote work, polled 1,300 security leaders, business executives, and remote employees.

Pandemic accelerated remote work and cloud adoption

More than three-quarters (78%) of the respondents polled said their companies have some portion of their employees working from home, while another 50% have more than half of their workers working remotely after more than a year into the pandemic.

More than nine out ten (92%) organizations say that remote work will be permanent in the next two years.

Additionally, more than four out of ten businesses moved their business-critical functions to the cloud, while 36% moved non-business-critical functions in response to the pandemic.

Remote work and cloud adoption increase cyber risks

The study found that 80% of security and business leaders believe that their organizations face more cyber risks because of this migration. And nearly three-quarters (73%) say that their organizations’ data faced greater cyber risks since the onset of the pandemic.

These cyber risks were exacerbated by the rush to adopt technology without conducting proper vetting to avoid hurting productivity.

“The pandemic response accelerated the pace of technological adoption, with IT and security teams turning to cloud-based solutions, expanding the software supply chain, and quickly rolling out tools for connectivity, collaboration, and productivity – oftentimes without a thorough vetting process,” the researchers wrote.

Huge discrepancy between remote workers’ security practices and beliefs

Just over a third (34%) of remote workers polled follow their security guidelines, with over half accessing customers’ data using personal devices. More than four out of ten remote workers believe that security practices hinder their productivity.

Over a quarter (27%) deliberately ignore or circumvent cybersecurity policies, while 36% delay applying device updates.

Additionally, almost all (98%) remote workers use at least one personal device for work daily. Remote workers have at least eight devices and an average of three people connected to their home network on a typical day. These connected devices include personal devices, appliances, wearables, gaming systems, and employer-provisioned devices.

Despite their appalling security practices, the remote workers were not inherently ignorant of the various cyber risks their organizations faced. For example, eight out of ten employees consider customer data protection to be “somewhat” or “very important,” while 63% say it’s important to guard their organizations from theft of intellectual property.

However, only 56% of security leaders believed that employees were taking adequate steps to protect their organizations’ intellectual property and systems.

Lack of visibility and staff exacerbates remote cyber risks

Almost three-quarters (71%) of security leaders said they lack high level or complete visibility into workers’ home networks, while 64% lacked visibility into remote workers’ connected devices.

Additionally, the lack of visibility into partners was a huge concern as organizations expanded their supply chain.

Only 46% of security leaders said they had visibility into their partners. This unfortunate situation was despite 65% of security leaders attributing recent cyberattacks to a third-party software vendor compromise.

Similarly, just a third (33%) of security leaders and business executives say they have enough staff to adequately monitor all their organizations’ attack surfaces.

However, most security leaders were seeking to manage cyber risks that their organizations were facing. For example, almost two-thirds (64%) or of the organizations plan to employ more staff within the next 12 to 24 months.

Tenable Chief Technology Officer and co-founder Renaud Deraison noted that forward leaning organizations perceive cybersecurity strategy as a crucial tool for innovation.

“This study reveals two paths forward — one riddled with unmanaged risk and unrelenting cyberattack and another that accelerates business productivity and operations in a secure way,” added Tenable CEO Amit Yoran.