Remote Workforce Security Creates Unexpected Risks. Many Companies Learned That the Hard Way.
In this series, we’ll be digging deeper into a few of the standout security findings of our annual analysis of the data breach landscape, The Global Year in Breach, 2021 Edition. Cybercrime and remote workers aren’t a great mix, especially when you add in some stress. One essential takeaway we found from our analysis of cybersecurity trends in the last 12 months is that remote workforce security can be much more difficult than IT teams bargained for – but it’s essential in today’s world as companies embrace hybrid work as the way of the future.
Pandemic Panic
Last year presented several challenges that no IT teams were expecting, but the biggest by far was the onset of the global COVID-19 pandemic and the subsequent web of complications and cybercrime that it brought in its wake. The seismic shockwave that the pandemic sent through the business world may never be fully measured, but we do have some idea of the challenges that it created around cybersecurity for businesses. In the end, the cocktail of epically understaffed IT departments, maintenance failures contributing to unpreparedness, record-breaking cybercrime and employee stress taxed IT teams like never before. Of course, that meant that cybercriminals were kicking their dirty work into high gear to take advantage of this golden opportunity, and that was very bad news for businesses.
The onset of the pandemic led to lockdowns. Businesses that wanted to continue operating has to rapidly shift to remote operations, and that was especially difficult for companies that were still mired in old technology. Suddenly everyone became a remote worker, and that created enormous problems for IT teams who needed to suddenly become experts in remote workforce security. Companies that had never encouraged or enabled remote or hybrid working were forced to scramble to get all of their workers functioning remotely or face shutting down entirely as lockdowns kept everyone at home. Often, there was no plan in place to facilitate this sudden shift. Many employees lacked training in remote work, and many security teams had never handled remote security. A barrage of unintentional insider threats assaulted IT teams daily.
Stress Creates Vulnerabilities
Why was the Great Work from Home such a boon to cybercrime? Because IT departments were unprepared and chronically understaffed. Only 39% of IT executives polled in a staffing survey felt that they have adequate IT expertise on staff to assist employees with remote work issues, and only 45% of organizations reported having enough budget available to address the needs of either their IT team or their remote workforce, especially with skyrocketing rates of both activity and risk.
At the same time, IT teams were trying to cope with the fact that many employees were dealing with unexpected stress at home, making them more likely to make cybersecurity mistakes. Over 50% of respondents admitted that they were more error-prone while stressed. More than 55% of workers in an employee error detection survey admitted that they were frequently off-balance when working from home, leading to security blunders – 40% said they made more mistakes when they were tired or distracted. Altogether 43% of the workers surveyed reported that they had made mistakes resulting in cybersecurity repercussions for themselves or their company while working remotely.
Cybercrime Complications
All of this chaos and confusion was a goldmine for cybercriminals, and they pulled out all the stops. Experts estimate that overall cybercrime was up by 80% in 2020. Much of that increase came from phishing attacks that ensnared remote workers, 75% of companies were hit by phishing in 2020. Cybercriminals took advantage of the fact that many remote workers were distracted or had limited IT support and the immense amount of email that remote workers were receiving every day to slip in a sea of phishing attacks. Those attacks were frequently disguised as legitimate messages from businesses, brands and organizations Phishing skyrocketed by more than 650%, accounting for almost 80% of 2020’s total cybercrime. About 60% of cybercrime gangs relied on phishing as their primary infection vector in 2020.
Ransomware didn’t stay home to stop the spread either – a shocking 51% of all businesses experienced a ransomware attack in 2020. Two in five SMBs were impacted by ransomware in 2020, an increase of more than $145%. – and 50% of those attacks used vicious double extortion ransomware. These attacks were especially damaging to industries that vital to the development and delivery of treatments and ultimately a vaccine for COVID-19. Hospitals, pharmaceutical companies, even cold storage transportation entities quickly found themselves under siege. In a successful attack, bad actors didn’t just snatch their victim’s data, they also shut down production lines and communications systems, hampering treatment, manufacturing and research efforts. Ransomware continues to top the list io cybercrime trends in 2021 and that is expected to continue.
Next Steps to Stay Ahead of Remote & Hybrid Workforce Risk
Stopping ransomware and decreasing a company’s risk of a successful cyberattack against remote or hybrid workers starts with stopping phishing and its destructive effects. These tools can help IT teams support a remote or hybrid workforce effectively without breaking the bank.
Security Awareness Training with BullPhish ID
More than 55% of remote workers rely on email as their primary form of communication with their coworkers, but less than 55% of companies engage in regular phishing resistance training. That’s a problem that can be quickly and affordably solved with BullPhish ID. Freshly revamped, BullPhish ID now offers the option to create your own customized training content to reflect specialized industry threats from emails to videos – even attachments. Or just automate training and use our plug-and-play phishing simulation kits, with 4 new options added to our library of more than 100 kits every month. SEE BULLPHISH ID IN ACTION>>
Multifactor Authentication with Passly
Multifactor Authentication (MFA) alone can stop over 99% of password-based cyberattacks – like when a cybercriminal tries to log in and steal data with a password that was just phished from a stressed remote worker. But unfortunately, only 62% of companies are using it. Join that group of smart businesses when you add Passly. It packs unmatched value because you don’t just get MFA with this secure identity and access management dynamo, you also get single sign-on, automated password resets, secure shared password vaults and more. Why buy 3 or more solutions when Passly gets the job done all in one? SEE PASSLY IN ACTION>>
Don’t wait until your remote or hybrid employees unleash a cybersecurity disaster – contact the experts at ID Agent today for a consultation about the best ways to implement remote workforce security in order to reduce remote and hybrid workforce risk.
Comments are closed.
Recent Comments