Editorial

IT leaders: companies at greater risk of cyberattacks when working from home

New Tessian research reveals 85 percent of IT leaders feel under pressure to secure permanent remote working, following government’s U-turn on working from home

Posted 30 September 2020 by

More than eight in 10 IT leaders (82 percent) think their company is at a greater risk of phishing attacks, says a new survey.

The global study by Tessian also shows that 78 percent believe they are at a greater risk of an insider attack, when employees are working from home.

It follows the announcement from the UK government last week which urged UK office workers to work from home for the foreseeable future to slow down the spread of COVID-19.

“We saw last week how changes to how and where people work can happen overnight. But despite all the changes, one thing remains the same – the need to keep people safe,” said Tim Sadler, CEO, Tessian.

“The government’s U-turn on work from home is critical to protecting the health and safety of employees and businesses also have a duty to ensure their staff can work from home effectively and securely.”

The report reveals that most IT leaders (85 percent) believe permanent remote work puts greater pressure on their teams. More a third (34 percent) are concerned that their teams will be stretched too far in terms of time and resource.

Half of organisations experienced a security incident in the remote working period between March and July 2020. Half of these incidents were caused by phishing attacks – making it the leading cause of security incidents during this time.

Nearly a third of IT leaders (30 percent) also reported a rise in ransomware attacks delivered by phishing, while nearly a quarter (24 percent) reported a rise in vishing (voice-phishing) attacks, compared to the five months prior.

In addition, 78 percent of remote workers who worked on their personal devices during the lockdown period between March and July 2020 said they received phishing emails, either in their work or personal inboxes. More worryingly, 68 percent said they clicked a link or downloaded an attachment from the phishing emails they received on their personal device.

New policies

Elsewhere, more than half (53 percent) of IT leaders are worried that employees will connect to public WiFi when working remotely. Their concerns are justified; 58 percent of employees say they’ve either considered connecting to public WiFi or have already done so.

Fifty-seven percent of employees said they were more reliant on email as a primary channel to stay connected with colleagues and customers when working remotely. Tessian says its platform data shows a 129 percent increase in email traffic at the start of lockdown (March-April 2020). This creates a bigger opportunity for hackers to carry out phishing and email impersonation attacks.

To combat these concerns, 43 percent of IT leaders are looking to upgrade or implement new BYOD policies and 58 percent said they will introduce more training. However, over a third of companies admitted they didn’t provide additional training to educate their staff on remote working risks at the start of the lockdown. And for those that did deliver additional training, nearly one in five workers did not attend.

The report suggests updating policies and implementing new approaches to cyber training now will help businesses in the long term, as remote work looks set to stay. In fact, 89 percent of employees said they do not want to work from the office full time, post-pandemic, while more than a third of respondents (35 percent) said they would not consider working for an employer that did not offer remote working in the future.

“Business leaders must…understand the strain that remote working puts on IT teams and address the risks people are exposed to,” said Sadler. “Legacy security protocols are no longer equipped to protect distributed workforces and provide visibility into the behaviours of employees who rely on personal devices, risky channels like email, and public Wi-Fi to get their jobs done.  

“Making people aware of the threats and educating them on safe remote working practices is an important first step. IT leaders must, then, find ways to alleviate the pressure on their teams, looking at solutions which can provide greater visibility into employee behaviour, predict and prevent threats, and automate manual tasks. This human-first approach to security is critical for businesses to thrive in a world where remote work becomes the norm.”