Professionals do not have adequate safeguards in place to ward off the growing threat posed by cyber criminals in the modern remote work environment, new research has revealed.
According to new research published by cyber security firm archTIS and its subsidiary Nucleus Cyber — 2021 State of Remote Work Security — workplaces are not prepared for new cyber threats that have emerged in response to the shift to remote working.
The research, conducted on behalf of the firms by Cybersecurity Insiders, involved a survey of 287 IT and information security professionals — of which almost three-quarters noted concern over the security risks faced by employees working from home.
This was despite 86 per cent of organisations expressing support for remote working as a long-term business strategy.
User awareness training (57 per cent), home/public Wi-Fi network security (52 per cent) and sensitive data leaving the perimeter (46 per cent) were cited among the key security challenges in 2021.
Organisations were most concerned over threats associated with file sharing (68 per cent), the web (47 per cent), video conferencing (45 per cent), and messaging (35 per cent).
Specifically, data leaking through endpoints (68 per cent), users connecting with unmanaged devices (59 per cent) and access from outside the perimeter (56 per cent) were the main concerns listed by respondents.
“A year into the pandemic, organisations are still grappling with how to best protect their assets from insider threats and comply with data privacy regulations,” Holger Schulze, CEO and founder of Cybersecurity Insiders, said.
“Remote workers increase the risk of insider threats, but the data shows they are here to stay post-pandemic.
“Organisations need to consider different approaches to the problem than ‘business-as-usual’ training and awareness to solve this long-term challenge.”
Reflecting on the report’s findings, Daniel Lai, CEO of archTIS, noted the lack of focus on zero-trust frameworks, which was listed fourth (19 per cent) on the priority list for cyber security professionals.
“The reality is that even with user training and visibility, human error is inevitable and working from home is likely to increase that error rate,” he said.
“With most standard security technologies, once you’re past their perimeter and have access to an application and file, you can do whatever you want with it – share it, copy it, download it, or email it.
“Commercial intellectual property, supply chain information and other sensitive information, should be protected at the data layer, so that a single mistake from one user doesn’t automatically expose it to a wrong party or worse allow a malicious employee to steal information for personal gain.”
Lei concluded: “This is an essential capability to make the move to distributed workforces viable in the long-term. The time for zero-trust data security is now.”