Report: Surge in remote work weakens security posture of companies

Oct. 13, 2020
Lack of training among factors that have has significantly increased risk.

The new report, Cybersecurity in the Remote Work Era: A Global Risk Report, sponsored by Keeper Security and conducted by The Ponemon Institute, examines the most pertinent new challenges organizations face in preventing, detecting and containing cybersecurity attacks in the colloquial "new normal."

63% of US companies have seen an increase in phishing/social engineering during the pandemic, while 52% noted a jump in credential theft and 50% reported a rise in incidences of account takeover, according to the report. Damages or theft to IT infrastructure cost 41% of US businesses to lose as much as $10 million in the last year. The study also revealed the three major contributing forces that have led to this stark rise in attacks:

  • A glaring lack of training and guidance for employees working remotely
  • An ill-equipped and overwhelmed IT security workforce
  • A massive surge in new technology being used to facilitate remote collaboration

"The abrupt and chaotic shift to remote work earlier this year rattled the status quo for companies in the US and around the world," said Darren Guccione, CEO and co-founder of Keeper Security. "Unfortunately, it was fairly easy to predict this global disruption becoming a colossal risk to cybersecurity. Our hope is that by shedding some light on the complexities of what's gone wrong, organizations will have some guidance and direction into how to strengthen approaches to security in the remote world."

Following this monumental shift to remote work, 24% of survey respondents feel their organization has not provided any or adequate education regarding the security risks brought about by remote work. The study revealed more than half (53%) of organizations do not have a policy on the security requirements for remote employees.

The vast majority of the US IT-security pros (67%) believe remote employees' use of their own mobile devices to access business-critical applications and IT infrastructure has had a negative impact on their organization's security posture. Further illustrating the concern, 58% think smartphones represent their organization's most vulnerable endpoint. These risks are not exclusive to the US. More than 65% of organizations overseas believe the Bring Your Own Device trend has decreased their security posture.  

Organizations fear a lack of control, but they feel helpless
Employers are at a loss. The inability to protect employees' devices and activity while they work from home is a major concern, and nearly half (45%) of IT admins expressed worry over the lack of physical security in remote workspaces. An additional 25% are anxious about their inability to secure communications on external networks, and 24% are concerned about the prospect of criminals taking advantage of this by gaining control of personal devices and stealing sensitive information.

Cybercriminals are clearly more than happy to add fuel to the pandemic fire, as half of organizations surveyed in the US, as well as 46% overseas, say they've experienced an attack that specifically leveraged COVID-19 as a threat vector.

"Cybercriminals are quick to exploit any vulnerability, and this year has exemplified that in a major way," said Dr. Larry Ponemon, chairman and founder, The Ponemon Institute. "Cybersecurity in the Remote Work Era: A Global Risk Report presents the perspective of just how universal threats, and the heightened sense of anxiety they induce, have become yet another discouraging side effect of the pandemic. The results truly conclude that prioritizing security should be at the top of the list as organizations continue to structure their remote work environments."