As many as 84% of organisations are likely to continue to support remote work after the lockdown lifts even though almost half of them have not taken any steps to expand secure access for the remote workforce, a study has found.
In June 2017, a survey of 500 senior executives across the UK by Advanced revealed that 80% of them were in favour of adopting cloud solutions even though 82% of them wanted cloud providers to do more to build confidence among client businesses and customers that their services were secure.
We are now witnessing a very similar trend as far as adopting a remote work culture is concerned. The new 2020 Remote Work Report from Bitglass has revealed that a vast majority of organisations are willing to continue to support remote work even after the lockdown lifts. This may mark the most significant change in organisational work culture in recent times since the introduction of the Internet.
However, it is not lost to anyone that one of the most significant concerns of company Boards in modern times are about cyber threats and how prepared they are to respond to disruptions, loss of data, or reputational damage in the aftermath of a cyber attack.
Hence, if organisations are inclined towards shifting towards a remote work culture, one may want to believe that organisations are now better prepared to respond to cyber security risks such as debilitating malware and ransomware attacks or sophisticated phishing campaigns designed to steal money or intellectual property.
Sadly, that is not the case at all. Bitglass found that the newfound love for remote working is not matched by organisations' preparedness for cyber attacks. The firm's report revealed that while 41% of organisations have not taken any steps to expand secure access for the remote workforce, 50% of them are unable to offer secure access to remote workers due to a lack of proper equipment.
“This research indicates that many organisations are not implementing the security measures necessary to protect their data in the current business environment. For example, while respondents said that the pandemic has accelerated the migration of user workflows and applications to the cloud, most are not employing cloud security solutions like single sign-on (SSO), data loss prevention, zero-trust network access, or cloud access security brokers,” said Anurag Kahol, CTO of Bitglass.
“On top of that, 84% of organisations reported that they are likely to continue to support remote work capabilities even after stay at home orders are lifted. To do this safely, they must prioritise securing data in any app, any device, anywhere in the world,” he added.
Bitglass found that essential security tools have enjoyed muted adoption from UK organisations even though almost all of them are employing remote working to keep their revenues flowing. Even though 77% of organisations have anti-malware tools installed, only 18% have data loss prevention tools, 11% have user and entity behaviour analytics, and 45% have single sign-on tools at their disposal.
What's not lacking, however, is awareness. While 72% of organisations consider malware attacks as the most concerning threat, 68% are concerned about the security of their file-sharing applications, 47% are concerned about the security of their web applications, and 45% are concerned about the security of video conferencing solutions that they use.
Earlier this month, Kaspersky also found that as many as 73% of employees working from home have not yet received any specific cybersecurity awareness guidance or training designed to keep themselves secure from risks. This is despite the fact that many employees have increased the use of online services for work that are not approved by their IT departments such as video conferencing (70%), instant messengers (60%), or file storage services (53%).
"When it comes to building a security program, focusing only on technology and processes puts us in a weak and unbalanced position. Businesses will need four steps in place. First, start at the top and get leadership support, second, conduct awareness training to ensure employees know what needs protecting, third, test the security posture such as through internal phishing campaigns, and fourth, ensure transparency and continual communication. Only then will everyone, on a personal and business level, be able to mitigate the risks that these attacks can cause," said Kunal Anand, Chief Technology Officer at Imperva.