Cyber risks associated with technology adopted during the pandemic are responsible for 74% of attacks against 94% of businesses in the past 12 months
A study commissioned by Tenable found that most (94%) businesses have experienced a cyberattack in the past 12 months.
Almost three-quarters of companies attributed these cyber attacks to technological vulnerabilities put in place during the pandemic.
New security challenges emerged as companies expanded the new world of work to allow workers to stay productive during the pandemic.
The data comes from a study conducted by Forrester Consulting on behalf of Tenable. The study, which revealed the increase in cyber risks resulting from remote working, surveyed 1,300 security managers, business executives and remote employees.
The pandemic has accelerated remote working and cloud adoption
More than three-quarters (78%) of those surveyed said their companies had some of their employees working from home, while another 50% had more than half of their employees working remotely after more than a year pandemic.
More than nine in ten organizations (92%) say remote working will be permanent over the next two years.
Additionally, more than four in ten companies have moved their critical functions to the cloud, while 36% have moved non-critical functions in response to the pandemic.
Remote working and cloud adoption increase cyber risks
The study found that 80% of security and enterprise executives believe their organizations face more cyber risks as a result of this migration. And nearly three-quarters (73%) say their organization’s data has faced greater cyber risks since the start of the pandemic.
These cyber risks have been exacerbated by the rush to adopt the technology without proper verification to avoid hurting productivity.
“The response to the pandemic has accelerated the pace of technology adoption, with IT and security teams turning to cloud-based solutions, expanding the software supply chain and rapidly deploying tools for connectivity, collaboration and productivity – often without a thorough verification process, ”the researchers wrote.
Huge gap between remote worker safety practices and beliefs
Just over a third (34%) of teleworkers surveyed follow their security guidelines, and more than half access customer data using personal devices. More than four in ten teleworkers believe that safety practices interfere with their productivity.
More than a quarter (27%) ignore or willfully circumvent cybersecurity policies, while 36% delay the application of device updates.
In addition, almost all (98%) teleworkers use at least one personal device to work on a daily basis. Teleworkers have at least eight devices and an average of three people connected to their home network in a typical day. These connected devices include personal devices, devices, portable devices, gaming systems and employer-supplied devices.
Despite their appalling security practices, remote workers were not inherently ignorant of the various cyber risks their organizations faced. For example, eight in ten employees consider protecting customer data “somewhat important” or “very important”, while 63% say it is important to protect their organizations against intellectual property theft.
However, only 56% of security managers believed employees were taking the right steps to protect their organization’s intellectual property and systems.
Lack of visibility and personnel exacerbate remote cyber risks
Almost three-quarters (71%) of security managers said they lacked high-level or full visibility into workers ‘home networks, while 64% lacked visibility into remote workers’ connected devices.
Additionally, the lack of visibility into partners was a major concern as organizations expanded their supply chain.
Only 46% of security managers said they had visibility on their partners. This unfortunate situation occurred despite 65% of security officials blaming recent cyber attacks on the compromise of a third-party software vendor.
Likewise, only a third (33%) of security and business leaders say they have enough staff to adequately monitor all attack surfaces in their organization.
However, most security executives were looking to manage the cyber risks their organizations faced. For example, almost two-thirds (64%) or organizations plan to employ more staff in the next 12-24 months.
Tenable CTO and co-founder Renaud Deraison noted that forward-looking organizations perceive cybersecurity strategy as a crucial tool for innovation.
“This study reveals two paths to follow: one riddled with unmanaged risks and relentless cyberattacks and one that accelerates productivity and business operations in a secure manner,” added Tenable CEO Amit Yoran.