Growth of Remote Work Bringing Increased Security Risks
According to a recent study, almost three-quarters of organizations point to the shift to remote work during the pandemic as being the main driver in specific cybersecurity attacks.
The study (registration required), titled "Beyond Boundaries: The Future Of Cybersecurity In The New World Of Work," was commissioned by security firm Tenable, and surveyed 426 security leaders, 422 business executives and 479 remote workers from across the globe.
Per the report, 74 percent of respondents point to pandemic-related work procedures (like the ability to work from home) as being the main cause of at least one attack. And 67 percent said that these attacks specifically targeted their employees working from home.
Remote workers make up a larger target for attackers. Another key finding was that nearly six in 10 organizations moved to a 100 percent remote work policy at the start of the pandemic, and, as of September 2021, more than half of the organizations said that at least 50 percent of its workforce is still at home.
"Remote and hybrid work strategies are here to stay and so will the risks they introduce unless organizations get a handle on what their new attack surface looks like," said Amit Yoran, CEO at Tenable.
Not only do attackers have a new target in those working from home, but their approach has also changed. The report found that 43 percent of organizations have experienced phishing or malware attacks that included the topic of COVID-19.
With the remote work trend expected to continue and, in some organizations, expand, respondents said they are expecting an increase in security investment. Eight out of 10 security leaders indicated their organization will see increased spending in network and data security, while 74 percent will increase spending on cloud security and vulnerability management.
Strategic Security Spending
While an increase in security spending will help curb the growth of attacks aimed at a mostly home-based workforce, knowing where to allocate resources for the biggest positive impact is the challenge facing many organizations right now.
David Strauss, co-founder and CTO of Pantheon, maker of WebOps platform solutions, sees an increase in identity solutions as the top priority for those looking to broaden their security efforts amid a changing workforce.
"When you throw everyone to the winds of working from home, you can't control as much," said Strauss. "You have to be able to identify who people are reliably, without relying on a building boundary or badge."
While he does acknowledge that many organizations have had remote access technologies in place for some time now, what worked in the past may not be enough to secure the increased demand.
Securing data is another consideration. And with the new way that organizations are conducting business, a novel approach is necessary for them to remove sensitive data from one central point. Strauss said the approach of the on-premises infrastructure focus, where remote workers tunnel in through a VPN to access corporate infrastructures, will continue to cause security holes. The good news is that even prior to the pandemic shift, technology has been pushing businesses away from this pipeline.
"I feel like this is going to decrease as a model in the industry because corporate IT systems are increasingly centered on cloud deployment and external datacenters," said Strauss.
The migration to the cloud isn't something that's new to those looking for answers in a new world. But for those looking to secure a more mobile workforce, the pandemic could be the catalyst to increase their spending.