Cyber Security Implementation

Posted on 9th May 2022

Pandemic has dramatically changed the workplace and has created new cyber security risks and exacerbated existing risks. The purpose of this research, sponsored by Keeper Security, is to understand the new challenges organizations face in preventing, detecting and containing cyber security attacks in what is often referred to as “the new normal”.

The remote work force has significantly reduced the effectiveness of organizations’ security posture. Respondents were asked to rate the effectiveness of their organizations’ IT security posture prior to and during the pandemic on a scale from 1 = not effective to 10 = highly effective. The very and highly effective responses are shown in Figure 1 and reveal a significant decline from 71 percent of respondents who believed their organizations were effective at mitigating risks, vulnerabilities and attacks across the enterprise prior to Pandemic to only 44 percent of respondents during Pandemic.

Following are reasons why the remote workforce has reduced the effectiveness of organizations’ cyber security posture:-

In the new era of a remote workforce, organizations worry most about the lack of physical security in the remote worker’s work space. Almost half (47 percent) of it is the inability to control risks created by the lack of physical security in remote workers’ homes and other locations that is a significant concern for their organizations.

Organizations are very concerned remote workers are putting them at risk for a data breach and/or security exploit. Seventy-one percent of respondents are very concerned that remote workers are putting the organization at risk for a data breach and 57 percent of they are prime targets for those wishing to exploit vulnerabilities.

Understandably organizations were caught off-guard by the sudden lockdown due to Pandemic. As a result, they were not prepared for the affect it would have on their ability to respond to a cyber-attack. According to 56 percent of respondents, the time to respond to a cyber-attack has significantly increased (21 percent) or increased (35 percent). Forty-two percent of their organizations have no understanding how to protect against cyber-attacks due to remote working. Customer records and financial information are most vulnerable.

Remote working has increased access to business-critical applications. Most likely out of necessity, 59 percent of access to business-critical applications has significantly increased (26 percent) or increased (33 percent). On average, organizations have 51 business-critical applications and an average of 56 percent of these is accessed from mobile devices such as smart phones and tablets.

Not all organizations are requiring remote workers to use authentication methods. If they do, few are requiring multi-factor authentication. Almost one-third (31 percent) of their organizations do not require their remote workers to use authentication methods. Of the 69 percent of organizations that do require authentication, only 35 percent of multi-factor authentication is required.

BYOD has decreased organizations’ security posture. Sixty-seven percent of remote workers’ use of their own mobile devices such as tablets and smart phones to access business-critical applications and IT infrastructure has decreased their organizations’ security posture. Further, smart phones, laptops and mobile devices are the most vulnerable endpoints or entry points to organizations’ networks and enterprise systems.

Since Pandemic many organizations have had exploits and malware that evaded their intrusion detection systems and anti-virus solutions. Fifty-one percent of exploits and malware have evaded their organizations’ intrusion detection systems and almost half (49 percent) of they have evaded their organizations’ anti-virus solutions.

Credential theft and phishing/social engineering are the most frequent types of cyber-attacks since Pandemic. Sixty percent of their organizations experienced a cyber-attack. The most frequent attacks involved credential theft (56 percent of respondents) and phishing/social engineering (48 percent of respondents).

IT security budgets and in-house expertise need to increase. Only 45 percent of their organizations’ IT security budget is adequate for managing and mitigating cyber security risks caused by remote workers and only 39 percent of their organization has the expertise to manage and mitigate cyber security risks caused by remote working.

 Security risks due to remote working require a new effort to educate employees about their responsibility to follow remote working policies. Fifty percent of their organizations have a policy on the security requirements for remote workers. Only 43 percent of their organizations currently have programs that inform and educate remote workers about the risks created by remote working.

Despite the increase in security risks as a result of remote working, less than half (47 percent) of their organizations are monitoring the network 24/7. More than half (53 percent) of their organizations are instituting the necessary security protocols to keep the network safe and 50 percent of their organizations are encrypting sensitive data stored on devices. However, less than half of respondents are monitoring the network and protecting company-owned devices with up-to- date anti-virus, device encryption and firewalls.

Key findings:-

In this report, we refer to teleworkers as remote workers. In the context of this research, teleworking enables employees and other users to work from locations other than the organization’s facilities. Teleworkers use various devices such as desktop and laptop computers, smartphones and tablets to read and send email, access websites, and review and edit documents and perform many other tasks. These devices may be controlled by the organization, by third parties or by the users themselves (BYOD). Most teleworkers use remote access, which is the ability for organizations’ users to access its non-public computing resources from external locations other than the organization’s facilities

The steps organizations are taking and should take to manage cyber security risks.

Conclusion and recommendations.

While remote working has reduced organizations’ costs, it has not made remote workers more productive and efficient. 60 percent of respondent’s remote working has reduced costs, but the tradeoff is less productivity and efficiency. Fifty-six percent of their organizations expect remote working to become the new norm making it critical to assess the security risks created by a remote workforce. However, according to the research 45 percent of their organizations have not assessed remote working risks.

In the new era of remote working, organizations are most concerned about the lack of physical security in the remote worker’s work space. An average of 58 percent of organizations’ workforce telework.

The security risks organizations are most concerned about with having half of their workforce working remotely. Almost half (47 percent) of it is the inability to control risks created by the lack of physical security in remote workers’ homes and other locations is a worry for their organizations. This is followed by concerns that remote workers’ devices will become infected with malware, according to 32 percent of respondents.

The time to respond to a cyber-attack has increased since Pandemic. Since Pandemic 56 percent of the time has significantly increased (21 percent) or increased (35 percent) to respond to a cyber-attack. Only 27 percent of the time remains unchanged.

Understandably organizations were caught off-guard by the sudden lockdown due to Pandemic. As a result, remote working increases the uncertainty about how to protect against cyber-attacks. 42 percent of respondents it is the uncertainty on how to get a handle on reducing the risk of cyber-attacks is a challenge. An insufficient budget is always an issue with organizations trying to make the necessary investments in technology and staffing to improve their security posture. However, in the era of a remote workforce insufficient budget is the number one challenge organizations face (44 percent of respondents).

Customer records are considered most vulnerable in the era of remote working. 55 percent of respondent’s customer records are at risk because of remote working followed by financial information (48 percent of respondents).

Remote working has increased access to business-critical applications. A business-critical application is an application that is critical or important to keeping the business running. These applications can range from small tools to specialized tools such as lines of business systems. If interrupted, it would result in serious financial and legal loss; customer dissatisfaction and/or loss in productivity.

59 percent of respondent’s access to business-critical applications has significantly increased (26 percent) or increased (33 percent). On average, organizations have 51 business-critical applications and on average 56 percent of these are accessed from mobile devices such as smart phones and tablets.

Not all organizations are requiring remote workers to use authentication methods. Almost one-third (31 percent) of their organizations do not require their teleworkers to use authentication methods. 69 percent of authentication methods are required, 40 percent of two-factor authentication is required. Only 35 percent of multi-factor authentication is required, which would improve the security of remote access.

BYOD has decreased organizations’ security posture. 67 percent of remote workers’ use of their own mobile devices such as tablets and smart phones to access business-critical applications and IT infrastructure has decreased their organization’s security posture. As discussed previously, 31 percent of their organizations do not require remote workers to use authentication methods and only 35 percent of their organizations require multi-factor authentication.

Cyber-attacks during Pandemic are becoming more severe in terms of negative consequences such as the impact on finances (50 percent of) and almost half (47 percent) of cyber-attacks are becoming more targeted. Thirty-six percent of they are becoming more sophisticated.

Fifty-eight percent of their organizations experienced a compromise that damaged IT infrastructure or stole IT assets. The average cost to deal with these compromises over the past 12 months is $2.7 million. Similarly, 58 percent of their organizations had a disruption to normal operations at an average cost of $2.4 million.

During Pandemic, the types of attacks organizations have experienced most are credential theft and phishing/social engineering. As discussed previously, as a result of remote working many organizations have seen a decline in their cyber security posture. In fact, 60 percent they have experienced a cyber-attack. The most frequent attacks involved credential theft (56 percent of respondents) and phishing/social engineering (48 percent of respondents).

Since Pandemic, many organizations have had exploits and malware evade their intrusion detection system and anti-virus solutions. 51 percent of exploits and malware have evaded their organizations’ intrusion detection systems and almost half (49 percent) of respondents say they have evaded their organizations’ anti-virus solutions.

Smart phones, laptops and mobile devices are the most vulnerable endpoints to organizations’ networks and enterprise systems. Their security posture organizations should be assessing the risks created by remote workers’ smart phones, laptops and mobile devices because these are considered the most vulnerable entry points according to 55 percent, 50 percent and 48 percent of respondents, respectively.

Instant messaging systems and Google Docs are the most popular tools for connectivity and collaboration. Fifty-eight percent of the use of collaboration tools significantly increased (33 percent) and increased (25 percent). As discussed previously, organizations are struggling to keep remote workers productive. A list of commonly used tools to enable connectivity and collaboration for teleworkers. The top two are instant messaging systems and Google Docs.

There is great concern that remote workers are making their organizations vulnerable for a data breach and/or a security exploit. Less than half (46 percent) of respondents say their organizations are effective (22 percent) or highly effective (24 percent) in reducing cyber security risks created by remote working.

When asked to rate their concerns about the risks created by teleworkers on a scale of 1 = no concern to 10 = extremely concerned, 71 percent of respondents say they are very or extremely concerned (7+ responses on the 10-point scale) that teleworkers put the organization at risk for a data breach and 57 percent of respondents are very concerned or extremely concerned that remote workers are prime targets for those wishing to exploit vulnerabilities.

External attacks and third-party mistakes were the root causes of the data breach organizations had in the past year. Forty-four percent of respondents say their organizations had a data breach in the past 12 months (before and during the pandemic).51 percent of respondents say external attacks and 42 percent of respondents say third-party mistakes were the root causes of the data breach.

Security risks due to remote working require a new effort to educate remote workers about the risks. According to the research, organizations are at greater risk for security exploits and data breaches because of remote working. Moreover, remote working according to many respondents will be the new norm. As a result, it is more important than ever to have training programs that ensure remote workers are taking appropriate steps to avoid putting their organizations at risk. As shown in Figure 19, 43 percent of respondents say organizations currently inform and educate remote workers about the risks created by remote working and 33 percent of respondents say their organizations plan to.

Policies for remote working mainly focus on password hygiene and up-to-date anti-virus protection on personal devices. Respondents recognize the security risks created by remote workers. However, 50 percent of respondents say their organizations do not have a policy on the security requirements for remote workers. If they do have a policy it is about the importance of password hygiene (63 percent of respondents) and the protection of personal devices used for business activities with up-to-date anti-virus solutions (60 percent of respondents).

Despite the increase in security risks as a result of remote working, less than half (47 percent) of respondents say their organizations are monitoring the network 24/7. The steps organizations are taking to create a secure remote working environment. More than half (53 percent) of respondents say their organizations are instituting the necessary security protocols to keep the network safe and 50 percent of respondents say their organizations are encrypting sensitive data stored on devices. However, less than half of respondents are monitoring the network and protecting company-owned devices with up-to-date anti-virus, device encryption and firewalls.

Identity management & authentication is the top technology that improves an organization’s cyber security posture. A list of technologies and respondents were asked to identify those that have been most effective in improving their organizations’ cyber security posture. Seventy-one percent of respondents say it is identity management & authentication. This is followed by virtual private networks (59 percent of respondents) and endpoint security solutions (56 percent of respondents).

Conclusion and recommendations

Having a remote workforce has taken a toll on organizations’ cyber security posture. Many organizations have experienced attacks that have specifically leveraged Pandemic as a threat vector. Because remote working seems to be here to stay, organizations need to assess the security risks, educate remote workers about these risks and create a remote workers security policy.

Following are some recommendations to improve the security in the remote worker era.

Require all remote workers to use authentication methods, preferably multi-factor authentication.

Make sure remote workers who are using their own devices (BYOD) have enabled basic security features such as the PIN, fingerprint or facial ID feature.

Ensure remote workers who have remote access to sensitive and confidential are based on their role and responsibility.

Secure all types of remote worker devices--including desktop and laptop computers, smartphones, and tablets--against common threats.

Require remote workers to keep computers and mobile devices patched and updated.

Educate remote workers on how to recognize unusual or suspicious activity on devices being used for remote working and then contact your organization’s help desk or security operations center to report the activity.

To increase remote working security, organizations should require periodic password changes, prohibit employees from reusing the same passwords on internal systems and require minimum password lengths.