New Ponemon Report Shows U.S. Companies Struggling With Remote Work Cybersecurity

October is National Cybersecurity Awareness Month, and this year, things are quite different. The manner in which all of us live and work have been markedly changed by the COVID-19 pandemic. Reflecting this new normal, the Ponemon Institute has released the results of Cybersecurity in the Remote Work Era: A Global Risk Report. The report, commissioned by Keeper Security, compiles responses from 2,215 IT and IT security practitioners in the U.S., U.K., DACH, Benelux, Scandinavia and AUZ.

This year’s findings underscore the significant cybersecurity challenges faced by U.S. businesses as they struggle to adapt to a post-pandemic world where many, if not all of their employees are working remotely.

Key Findings

Social engineering attacks have risen dramatically

In addition to threatening Americans’ health, COVID-19 is a clear and present danger to organizational cybersecurity. Far from slowing down, cybercriminals stepped up their game once the pandemic hit. Social engineering tactics are their weapon of choice, as they seek to take advantage of the confusion that occurred when U.S. companies had to suddenly and rapidly deploy and secure remote workforces in very large numbers.

Since the pandemic began:

• 63% of U.S. respondents saw an increase in phishing/social engineering attacks
• 52% reported a rise in credential theft
• 50% reported a rise in account takeover attacks

Further, as American workers’ inboxes fill up with news alerts about the pandemic, cybercriminals are attempting to use the crisis as bait. Half of U.S. respondents to the Ponemon survey said that their organizations had experienced an attack that specifically leveraged COVID-19.

Security personnel worry about remote workspace security

Security personnel can control employees’ on-prem work environments to a large extent. For example, they can enforce bring your own device (BYOD) policies and ensure that company-owned devices are physically secured.

Once employees have left the building to work, all those controls go out the window, and that’s keeping security personnel up at night:

• 45% of U.S. respondents are worried about the lack of physical security in remote employees’ workspaces
• 67% said that remote employees’ use of personal mobile devices to access work systems has hurt their organizations’ security posture
• 58% believe that smartphones represent their organizations’ most vulnerable endpoint

Organizational guidance is severely lacking

The majority of U.S. respondents told Ponemon that they lacked the necessary understanding and expertise to effectively secure their organizations while employees were working remotely. Unfortunately, organizations aren’t helping fill in those gaps:

• 50% of U.S. respondents report that their organization has not provided remote workers with cybersecurity training
• 53% of organizations have no remote work security policies.

COVID-19 is stretching IT security personnel thin

Even prior to the pandemic, IT security personnel were struggling to keep up with cyber attacks, but COVID-19 is taxing them even harder. Over half (55%) of U.S. respondents told Ponemon that COVID-19 has increased the time it takes to respond to a cyber attack, and one in five said it had increased “significantly.”
Identity & Access Manasolutions help, but too many organizations aren’t using them

The majority of U.S. respondents (65%) report that identity management and authentication (IAM) solutions are the most effective technology to improve organizations’ cybersecurity posture, but 21% report that their organizations don’t require remote workers to authenticate through one.

Identity and Access Manasolutions help, but too many organizations aren’t using them

The majority of U.S. respondents (65%) report that identity management and authentication (IAM) solutions are the most effective technologies to improve organizations’ cybersecurity posture, but 21% report that their organizations don’t require remote workers to authenticate through one.