October is National Cybersecurity Awareness Month, and this year, things are quite different. The manner in which all of us live and work have been markedly changed by the COVID-19 pandemic. Reflecting this new normal, the Ponemon Institute has released the results of Cybersecurity in the Remote Work Era: A Global Risk Report. The report, commissioned by Keeper Security, compiles responses from 2,215 IT and IT security practitioners in the U.S., U.K., DACH, Benelux, Scandinavia and AUZ.
This year’s findings underscore the significant cybersecurity challenges faced by U.S. businesses as they struggle to adapt to a post-pandemic world where many, if not all of their employees are working remotely.
Social engineering attacks have risen dramatically
In addition to threatening Americans’ health, COVID-19 is a clear and present danger to organizational cybersecurity. Far from slowing down, cybercriminals stepped up their game once the pandemic hit. Social engineering tactics are their weapon of choice, as they seek to take advantage of the confusion that occurred when U.S. companies had to suddenly and rapidly deploy and secure remote workforces in very large numbers.
Since the pandemic began:
63% of U.S. respondents saw an increase in phishing/social engineering attacks
52% reported a rise in credential theft
50% reported a rise in account takeover attacks
Further, as American workers’ inboxes fill up with news alerts about the pandemic, cybercriminals are attempting to use the crisis as bait. Half of U.S. respondents to the Ponemon survey said that their organizations had experienced an attack that specifically leveraged COVID-19.
Security personnel worry about remote workspace security
Security personnel can control employees’ on-prem work environments to a large extent. For example, they can enforce bring your own device (BYOD) policies and ensure that company-owned devices are physically secured.
Once employees have left the building to work, all those controls go out the window, and that’s keeping security personnel up at night:
45% of U.S. respondents are worried about the lack of physical security in remote employees’ workspaces
67% said that remote employees’ use of personal mobile devices to access work systems has hurt their organizations’ security posture
58% believe that smartphones represent their organizations’ most vulnerable endpoint
Organizational guidance is severely lacking
The majority of U.S. respondents told Ponemon that they lacked the necessary understanding and expertise to effectively secure their organizations while employees were working remotely. Unfortunately, organizations aren’t helping fill in those gaps:
50% of U.S. respondents report that their organization has not provided remote workers with cybersecurity training
53% of organizations have no remote work security policies.
COVID-19 is stretching IT security personnel thin
Even prior to the pandemic, IT security personnel were struggling to keep up with cyber attacks, but COVID-19 is taxing them even harder. Over half (55%) of U.S. respondents told Ponemon that COVID-19 has increased the time it takes to respond to a cyber attack, and one in five said it had increased “significantly.”
Identity & Access Manasolutions help, but too many organizations aren’t using them
The majority of U.S. respondents (65%) report that identity management and authentication (IAM) solutions are the most effective technology to improve organizations’ cybersecurity posture, but 21% report that their organizations don’t require remote workers to authenticate through one.
Identity and Access Manasolutions help, but too many organizations aren’t using them
The majority of U.S. respondents (65%) report that identity management and authentication (IAM) solutions are the most effective technologies to improve organizations’ cybersecurity posture, but 21% report that their organizations don’t require remote workers to authenticate through one.