There has been a global increase in nearly all types of cyber attacks since the COVID-19 social distancing measures began, driven primarily by the unprecedented increase in remote work. While there have been general suspicions and theories that the rapid uptake of personal devices and new cloud-based collaboration services has prompted this surge, there has been relatively little specific data about the phenomenon. A new study from Keeper Security and the Ponemon Institute has put some numbers behind these assumptions.
Among other things, the study confirms that organizations are seeing a massive increase in attack attempts that can be tied to remote work. But the blame cannot be neatly shifted onto lax employees and personal devices; the primary issue appears to be a combination of lack of guidance for workers and a lack of support for beleaguered IT departments facing a wave of new challenges.
Breaking down the pandemic’s cyber attacks
“Cybersecurity in the Remote Work Era: A Global Risk Report” surveyed 2,215 IT and information security personnel in the United States, Europe, Australia and New Zealand. All of these organizations have directed employees to work remotely due to the pandemic conditions; on average each organization had about 58% of its workforce working remotely, up from 22% before the pandemic began.
The first big takeaway is that organizations are reporting a drastic reduction in security posture since the pandemic began, with the number that feel they are effectively positioned against cyber attacks plummeting to 44% (from 71% early in the year).
71% of organizations are very concerned about remote workers being the cause of a data breach, and unsurprisingly the biggest concerns are the state of their personal devices and their physical security practices. A whopping 42% of organizations are reporting that they simply do not know how to defend against cyber attacks that are aimed at remote workers. 31% say they are not requiring remote workers to use authentication methods, and only 35% require multi-factor authentication.
IT departments are also clearly still overburdened by this sudden pivot to an unfamiliar situation. 56% say that the time needed to respond to cyber attacks has increased, which pairs with a 59% increase in access to business-critical applications. 60% of respondents have already experienced cyber attacks during the pandemic, with 51% saying that malware or exploits managed to get past their defenses. Of these attacks, credential theft (56%) and phishing (48%) are the most common approaches. The average cost to deal with one of these incidents was $2.4 million.
In spite of the clear need for increased IT intervention, budgets and resources do not appear to be flowing in these new working environments. Only 45% of organizations report having an adequate budget to cover the increased risks created by the remote work situation, and only 39% feel they have adequate expertise available on staff. In terms of security measures, only 47% of respondents are monitoring their networks 24/7 and 50% are encrypting sensitive data. Training is also lagging behind the problem with only 50% having a security policy for remote workers in place and only 43% running awareness campaigns to help make these workers aware of the risks.
Long-term remote work risks?
While this might be seen as a temporary crisis to steer through for the duration of the pandemic, there is much speculation that remote work will be the “new normal” going forward. Some of the survey results support this idea; 60% of respondents say that remote work is saving the organization money, and 56% expect it to continue past the pandemic.
Responses to specific challenges created by the remote work situation indicate that for this to indeed become the “new normal,” resources will have to be shifted to address these various security problems. When asked about specific challenges 44% named insufficient budget, 42% named lack of understanding of how to deal with cyber attacks on workers and home networks, and 27% felt that the current security technologies in place were insufficient to keep pace with data breaches.
Respondents also name remote worker endpoints as the biggest of the current cybersecurity risks. Smart phones (55%), laptops (50%), mobile devices (48%) and cloud systems (47%) are by far the greatest points of concern as vulnerable intrusion points. Of the 43% that are currently running remote worker security awareness programs, the responses indicate that the training focus may not be lining up with the most common threats. While strong passwords (63%) and proper use of anti-virus software (60%) are certainly important elements, only 30% are conducting phishing email recognition training in spite of it being one of the leading breach causes in the remote working world.
Ponemon’s recommendations for mitigating cyber attacks include requiring multifactor authentication of all remote workers, implementing a remote access security policy that requires workers to keep all computers and devices patched and updated, mandating periodic password changes, and maintaining a clear line of contact to the organization’s security team or help desk. Keeper CEO and Co-founder Darren Guccione’s recommended number one action for security teams was this: “Because cybersecurity threats are so pervasive and frequent, every organization must make sure that its IT budget and planning process place cybersecurity protection as a priority. Cybersecurity must permeate every aspect of the organization’s IT infrastructure and distributed remote work environment.”