Laptop with coffee cup and open book on table showing how remote working has led to increased security incidents

Half of All Organizations Experienced Cyber Security Incidents During the Remote Working Period

Half of all organizations experienced security incidents associated with remote working during the lockdown period, according to a report by Tessian. The “Securing the Future of Hybrid Working” report also found that phishing remained the most prevalent threat facing employees working remotely. While remote working was a predisposing factor for cyberattacks, the Tessian report found that most employees prefer hybrid working environments, with just 11% exclusively preferring office work.

Tim Sadler, CEO and Co-Founder of Tessian noted that “While remote working was an option for some employees pre-pandemic, and while some companies are more familiar with flexible working arrangements, not all employees got to experience it because of scheduling and business demands which meant they still needed to physically be in the office. Now, the majority of office workers are working from home. And it’s going to be hard for businesses to justify why their workers need to come into the office every day of the week, post-pandemic.”

The report recommended that businesses should adapt to their employees’ needs to guarantee the safety of the organizations’ systems.

Remote working arrangements responsible for increased security incidents

The report found that 75% of IT decision-makers believed that hybrid or remote working was the future of the workplace. Hybrid working environments allow employees to choose between working in the office or at remote locations of their choice.

However, 85% of IT leaders also believed that hybrid and remote working plans led to an increase in the number of security incidents recorded between March and July 2020.

During this period, a third of organizations experienced ransomware attacks while half experienced a data breach or a security incident.

Insider threats more prevalent in hybrid and remote working plans

Remote working exposed businesses to insider threats, according to 78% of the respondents. IT leaders believed that a remote employee was more likely to use an infected personal device or share sensitive data with personal accounts while working from home.

Data highlighted that insider threats were responsible for 43% of the security incidents recorded. Results for the same period also showed that 27% of the IT leaders reported more security breaches related to insider threats.

There was also a 25% increase in the number of remote workers trying to exfiltrate data from the corporate networks.

“Businesses’ security is under threat as employees feel they can get away with riskier behaviors when working away from the office and hackers are taking advantage of the shift,” noted Sadler. “With remote, or hybrid, working arrangements set to stay for the longer term, businesses need to ensure their staff are able to work safely and efficiently, regardless of their environment.”

Reliance on emails responsible for the rise in phishing attacks

Reliance on emails opened an attack surface that the threat actors were eager to exploit. The Tessian report showed that 57% of the remote workforce mostly relied on emails for communication. Another 57% and 67% relied on instant messaging and video conferencing, respectively.  Tessian recorded over 128,000 malicious emails during the past five months compared to 44,000 during the last period.

More than three-quarters (78%) of remote workers said they had received a phishing email while working on personal devices. And 68% admitted to clicking on the malicious links or downloading the attachments contained in such emails.

Consequently, phishing remained the most popular attack method and was responsible for almost half (49%) of all the security incidents.

Voice phishing (Vishing) and SMS phishing (Smishing) were responsible for 24% and 29% of the security incidents recorded respectively. Overall, phishing was responsible for 30% of all ransomware-related security incidents recorded during the period.

Mitigating the risks associated with remote working

Given that this hybrid working model may be for the longer term and perhaps the new normal for businesses, security teams will need to adapt and implement robust and sustainable security controls.

“An important first step is educating people the threats they could face and providing training on safe remote working behaviors – something nearly a third of companies said they did not do at the start of the lockdown period this year,” recommends Sadler.

“IT teams also need greater visibility into the employee behaviors that could compromise cybersecurity. A previous Tessian study found that employees feel as though they can get away from unsafe data practices when working remotely because they aren’t being watched by their IT teams. IT teams need insight into their riskiest and most at-risk employees in order to tailor training and policies and improve people’s behaviors over time.

#Insiderthreats contributed to 43% of all #security incidents as workers tried to exfiltrate company data and shared sensitive information with personal accounts. #cybersecurity #respectdata Click to Tweet

“Businesses should also deshame the reporting of mistakes by creating a security culture that encourages employees to report their mistakes to the IT team, as well as reporting when they receive malicious emails. Otherwise, these mistakes will continue happening – and IT teams are none the wiser about how or why security incidents are happening.

“Lastly, businesses need to ensure new security solutions and policies do not hinder employee productivity. People want flexibility, and all too often security can disrupt their workflow and stand in the way of them getting their jobs done. Security solutions that sit in the background, silently learning the behaviors of each individual employee over time so that they can detect and alert people to threats as and when they occur, will be invaluable to stopping people making mistakes that compromise cybersecurity.”