sb-nz logo
Story image

IT leaders fear increase risk of cyber attacks while working from home

More than 80% of IT leaders believe their company is at a greater risk of cyber attacks when their staff are working from home, according to new research. 

A new global report from Tessian found more than eight in 10 IT leaders (82%) think their company is at a greater risk of phishing attacks, and 78% believe they are at a greater risk of an insider attack, when employees are working from home.

Tessian's Securing the Future of Hybrid Working report reveals that the majority of IT leaders (85%) believe permanent remote work puts greater pressure on their teams, while over a third (34%) are concerned that their teams will be stretched too far in terms of time and resource. 

According to Tessian, this could be due to:

Combating rising rates of phishing attacks: Half of organisations experienced a security incident in the remote working period between March and July 2020. Half of these incidents were caused by phishing attacks – making it the leading cause of security incidents during this time. Nearly a third of IT leaders (30%) also reported a rise in ransomware attacks delivered by phishing, while nearly a quarter (24%) reported a rise in vishing (voice-phishing) attacks, compared to the five months prior.

Lack of visibility of Bring Your Own Device (BYOD) risks: 78% of remote workers who worked on their personal devices during the lockdown period between March and July 2020 said they received phishing emails, either in their work or personal inboxes. More worryingly, 68 per cent said they clicked a link or downloaded an attachment from the phishing emails they received on their personal device.

Employees connecting to public Wi-Fi: Over half (53%) of IT leaders are worried that employees will connect to public WiFi when working remotely. Their concerns are justified; 58% of employees say they$B!G(Bve either considered connecting to public WiFi or have already done so.

Increased use in email and messaging apps: 57% of employees said they were more reliant on email as a primary channel to stay connected with colleagues and customers when working remotely. In fact, Tessian platform data shows a 129% increase in email traffic at the start of lockdown (March-April 2020). This creates a bigger opportunity for hackers to carry out phishing and email impersonation attacks.

To combat these concerns, 43% of IT leaders are looking to upgrade or implement new BYOD policies and 58% said they will introduce more training. However, over a third of companies admitted they didn't provide additional training to educate their staff on remote working risks at the start of the lockdown. And for those that did deliver additional training, nearly one in five workers did not attend.

 The report suggests updating policies and implementing new approaches to cyber training now will help businesses in the long term, as remote work looks set to stay. In fact, 89% of employees said they do not want to work from the office full time, post-pandemic, while more than a third of respondents (35%) said they would not consider working for an employer that did not offer remote working in the future.

"Despite all the changes, one thing remains the same – the need to keep people safe." says Tim Sadler, CEO, Tessian.

"Business leaders must, therefore, understand the strain that remote working puts on IT teams and address the risks people are exposed to," he says.

"Legacy security protocols are no longer equipped to protect distributed workforces and provide visibility into the behaviours of employees who rely on personal devices, risky channels like email, and public Wi-Fi to get their jobs done."

Sadler says making people aware of the threats and educating them on safe remote working practices is an important first step. 

"IT leaders must, then, find ways to alleviate the pressure on their teams, looking at solutions which can provide greater visibility into employee behaviour, predict and prevent threats, and automate manual tasks," he says.

"This human-first approach to security is critical for businesses to thrive in a world where remote work becomes the norm."

Story image
SOC as a Service: Fortinet’s answer to today’s network challenges
Jon McGettigan, Fortinet A/NZ Regional Director, explains how SOC as a Service can back up your current SOC team, fast-track deployments and ensure regulatory compliance.More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Story image
Interview: How cyber hygiene supports security culture - ThreatQuotient
We spoke with ThreatQuotient’s APJC regional director Anthony Stitt to dig deeper into cyber hygiene, security culture, threat intelligence, and the tools that support them.More
Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
IBM Security completes industry first with updates to Cloud Pak for Security solution
"With these updates, we will be the first in the industry to bring together external threat intelligence and threat management alongside data security and identity."More
Story image
Attack from DOS: In Zero We Trust
In combination with malware, DDoS attacks on banks have been used to cause distraction so the transfer of stolen funds goes unnoticed. More