Eight months or more into the COVID-19 pandemic, organizations worldwide are still struggling to adjust their cybersecurity protocols to a world where remote work is the norm, not the exception.
Reflecting this new normal, the Ponemon Institute has released the results of Cybersecurity in the Remote Work Era: A Global Risk Report. The report, commissioned by Keeper Security, is based on in-depth interviews with 2,215 IT and IT security practitioners in the U.S., U.K., Germany, Austria, Switzerland (DACH), Belgium, Netherlands, Luxembourg (Benelux), Denmark, Norway, and Sweden (Scandinavia). The findings underscore the significant cybersecurity challenges faced by businesses globally as they adapt to a new way of doing business.
Cybercriminals have stepped up social engineering attacks
Even prior to COVID-19, cybercriminals leaned heavily on social engineering attacks, which take advantage of human weaknesses, to get around technical safeguards such as firewalls. Over the past 12 months, 43% of respondents were victimized by account takeover attacks; 56% by credential theft, and 48% by phishing/social engineering.
Once the pandemic began, these types of attacks increased in frequency as cybercriminals sought to take advantage of the confusion that occurred when companies had to suddenly and rapidly deploy and secure remote workforces in very large numbers:
- 62% of respondents globally, and a stunning 79% of U.K. respondents, saw an increase in phishing/social engineering attacks.
- 55% of companies globally, reported a rise in credential theft. The increase was highest in the U.K. (62%) followed by the Benelux region, at 58%.
- 49% of companies globally, and 57% in the DACH region, reported a rise in account takeover attacks.
Cybercriminals are also attempting to play on people’s fears of the pandemic to entice them to fall for social engineering schemes. Nearly half of respondents globally, and 52% in the DACH region, reported that their organizations had experienced an attack that specifically leveraged COVID-19 as a threat vector.
Remote workspace security has security personnel concerned
Security personnel can’t exert as much control over remote employees’ workspaces as they can in the office, which causes issues in areas such as personal device use and physical security:
- 47% of respondents globally, and 54% in Scandinavia, are worried about the lack of physical security in remote employees’ workspaces.
- 67% said that remote employees’ use of personal mobile devices to access work systems has hurt their organizations’ security posture. Concerns were highest in the Benelux region (71%) and Australia/New Zealand (70%).
- 55% of respondents globally, and 58% in Australia, New Zealand, and the U.S., believe that smartphones represent their organizations’ most vulnerable endpoint.
Many employees are being left on their own
Over half (56%) of organizations globally expect remote work to become the new norm, but many organizations aren’t providing their employees or security personnel with sufficient guidance to secure these new workspaces:
- 56% of respondents globally report that their organization has not provided remote workers with cybersecurity training. Lack of training is especially pervasive in the U.K. (68%), Scandinavia (67%), and the Benelux region (65%).
- 51% of organizations globally, and 57% in the U.K., have no remote work security policies.
Security personnel are more overworked than ever
COVID-19 is stretching security personnel very thin. Over half (56%) of respondents globally told Ponemon that COVID-19 has increased the time it takes to respond to a cyberattack. Over one in five said it had increased “significantly.”
Identity & access management solutions help, but too many organizations aren’t using them
The majority of respondents globally (71%) report that identity management and authentication (IAM) solutions are the most effective technologies to improve organizations’ cybersecurity posture. However, 31% of respondents globally report that their organizations don’t require remote workers to authenticate through one. In Scandinavia, over half (51%) of organizations don’t require authentication, followed by the U.K. (39%) and Australia/New Zealand (36%).
Find out more at Keeper’s upcoming webinar
Join best-selling author and technology journalist Neil Hughes on Wednesday, 21 October, 2020, at 11:00 AM EDT/4:00 PM BST, as he moderates a dynamic discussion with the Ponemon Institute’s Larry Ponemon and Keeper Security CEO and Co-Founder Darren Guccione. The webinar will take a deep dive into Cybersecurity in the Remote Work Era: A Global Risk Report, including:
- The impact of COVID-19 on organizational cybersecurity posture
- The most common types of attacks organizations face in 2020
- The measures organizations need to take to mitigate data breaches
To receive your copy of the report, click on the following link: Cybersecurity in the Remote Work Era: A Global Risk Report.