Nearly three quarters of large businesses are convinced that the shift to remote work makes them more vulnerable to cyberattacks, a new AT&T survey has revealed.
The findings come as no surprise. Since the security perimeter has largely shifted towards the home environment, cybercriminals have gained new vectors of attack that threaten the integrity of employee devices and company infrastructures.
During their study, AT&T polled 800 cybersecurity professionals from the UK, France and Germany, revealing some interesting mindsets.
While some 88% of respondents initially felt properly prepared to mitigate security risks surrounding their remote workforce, 55% of small to medium businesses now admit that the spread of telework leaves them considerably more vulnerable to malicious attacks. The number jumps to 70% for businesses with over 5,000 employees.
"Cybercriminals are opportunistic, taking advantage of the fear and uncertainty surrounding issues like the current global health and economic situation as well as sudden shifts and exposures in IT environments to launch attack campaigns," John Vladimir Slamecka, AT&T region president, EMEA, said. "It can be a challenge for IT organisations to stay on top of emergent threat activity in the wild."
Remote employees were named the biggest risk by respondents, and according to the survey, 31% of cyber experts believe that the lack of awareness, apathy or reluctance to embrace new technologies is the biggest challenge to implementing sharpened cybersecurity practices within businesses. Additionally, the use of devices for both work and personal purposes was reported by 35%, sharing or storing sensitive information in unsanctioned cloud applications by 24% and sharing their work device with another family member by 18%.
At the onset of the pandemic, social distancing measures and remote work were adopted overnight, and a lack of security measures to mitigate the risks can be somewhat understandable. However, as the study shows, businesses have failed to strengthen their security controls:
- 25% have not offered additional cybersecurity training to employees
- 24% have not created secure gateways to applications hosted in the cloud or in datacenters
- 22% have not increased endpoint security to protect laptops and mobile phones
- 17% have not implemented internet-browsing protection from web-based threats
Among other threats that could exploit remote employees and ultimately cripple business operations and infrastructure, 44% of respondents point the finger at ransomware and malware attacks. Phishing and nation-state attacks were cited by 39% of security teams.