Remote working shines light on poor corporate cyber security standards
Time for the channel to take hold of the vulnerabilities revealed by Covid-19, says Billy MacInnes
10 December 2020 | 0
I stumbled across a really interesting recent report by the Ponemon Institute, conducted for Keeper Security, which looked at the whole issue of cybersecurity for remote workers.
Entitled Cybersecurity in the Remote Work Era, the global report reveals some pretty worrying stuff about the readiness of corporate security regimes to deal with the sudden shift to remote working during the pandemic.
As the report notes, many businesses were caught off guard by the lockdown and unprepared for the effect it had on their ability to response to a cyberattack. More than half (56%) admitted their time to respond to a cyberattack had increased. More concerning, 42% said their companies had no understanding how to deal with cyberattacks as a result of remote working.
That perhaps explains why so many (71%) were concerned remote workers were putting their organisations at risk and 57% felt they were prime targets for cybercriminals seeking to exploit vulnerabilities.
Another consequence of remote working was a 59% increase in access to business-critical applications, many of them from mobile devices, such as tablets and smartphones. Adding to their anxiety was the finding that 31% of businesses did not require authentication by remote workers.
Just over half (53%) were instituting the security protocols to keep the network safe and 50% said their organisations were encrypting sensitive data stored on devices. But less than half were monitoring the network and protecting company-owned devices with up-to date anti-virus, device encryption and firewalls.
Since the onset of Covid-19, 60% have experienced a cyberattack. Just over half (51%) admitted exploits and malware had evaded their intrusion detection systems and 49% confessed they had evaded their anti-virus solutions. The most frequent attacks involved credential theft (56%) and phishing/social engineering (48%).
From a channel perspective, this state of unreadiness and vulnerability suggests there is a job of work to be done helping businesses implement security that meets the requirements of remote working.
There are areas where they could get more involved, if customers have the resources to pay for it. While the Ponemon report is global, it is concerning that 45% felt the IT security budget wasn’t sufficient to manage and mitigate the risks from remote workers. On the plus side, you would expect them to be agitating for more budget to deal with those risks.
It’s also clear that more work needs to be done developing security policies for remote working and educating employees about those policies. The report reveals only half of organisations have a security policy that covers remote workers. A smaller number (43%) have programmes to inform and educate workers about the risks created by remote working.
The recommendations from the report give a clear idea of where channel security partners could engage with customers to help them:
- Ensure the access of remote workers to sensitive and confidential is based on their role and responsibility
- Secure all types remote worker devices – desktops, laptops, smartphones and tablets – against common threats
- Require remote workers to keep computers and mobile devices patched and updated
- Educate remote workers to recognise unusual or suspicious activity on devices being used for remote working and to report the activity
Many customers may have been forced to shift to a remote workforce in haste but they can’t afford to update security policies at their leisure.
Like what you see?
Ireland’s ONLY dedicated news feed for the distribution and retail channel.
Our editorial mix includes channel news, trend analysis, Deals Done, regular ‘Channel Chat’ interviews and strategic product focuses. This is a vital medium through which the technology channel can network and identify new business opportunities.