Have Irish Organisations Overlooked Security In The Race To Adapt To Remote Working?
Recent research asks if organisations and employees in Ireland have overlooked security in the race to adapt to homeworking?
We can all agree that the Pandemic was an unexpected event with immediate and severe effects that can fundamentally change our environment.
When we look back at the year 2020 from a technology and business perspective, it will be a year that the workplace fundamentally changed. It is also the year that cyber security evolved, or at least, it must in order to meet the needs of a new hybrid workplace.
Today we launched new research, conducted by Amárach Research, on the perceptions of both organisations and their employees on cybersecurity in Ireland. The study surveyed 500 employees and 200 business decision makers in September 2020 about remote working, digital security behaviour, and security concerns faced by both employees and employers. This study follows on from Microsoft’s cybersecurity research over the past three years which has looked at cyber threats to public and private organisations, with an additional focus on the security impact of Covid-19 work-related practices now and into the future.
A Time of Change
We are at a pivotal moment, as more employees work from home on a potentially permanent basis. Ireland has a unique opportunity to fully embrace the use of cloud services to support our post-COVID-19 economic recovery and enable more secure practices that support those working remotely.
We are only beginning to realise how much this will require new skills for technology professionals to support the unavoidable blending of personal and professional lives even more. However, this opens up new risk – this year, we found over one in four (26%) remote workers has experienced a cyber-attack personally. Interestingly, only 17% of remote workers strongly agree that technology has done enough to protect their data. Why is this?
Last year, we identified a lack of confidence amongst Irish companies regarding their approach to digital security and access management. We found a gap existed between the organisations’ view of how secure they felt they were, versus the reality – where employee behaviour was leaving them open to data loss or hacking. We saw that iterative security policies and poorly implemented planning had spawned some bad employee habits that created potential vulnerabilities.
We repeated the research in September to see what impact the mass move to remote working had on cloud and more importantly, Irish organisation’s data security. As hybrid working is here to stay, how have organisations kept up in ensuring their users were supported and protected?
Is home now where the risk is?
Our research showed that 76% of remote workers were happy with how they adapted to remote working. However, one in five employees feel their data is more vulnerable when working from home in the absence of normal IT supports. In fact, 25% worry about the security of confidential or sensitive data that they share with colleagues working remotely.
Last year, we looked at how bad data protection habits amongst employees and employers exposed their organisations to either a cyber-attack or a potential data breach. At that time, we found employees accidentally sharing data with the wrong people, using personal devices, and recycling old passwords. Couple that with employers who did not provide adequate training, policies or practices, and there was cause for concern.
Risky Behaviour, Iterative Policies, Increased Vulnerability
We can all accept that organisations had to act quickly in the name of expediency and to ensure no loss of business continuity. In that rush, the temptation to enable remote working first and secure later must have been overwhelming. In fact, our research shows that 36% of organisations admit they moved to a remote environment quickly but have spent the past few months putting in place proper security, privacy, and workplace procedures. In other words, they did things the wrong way around. Now is the time to address this and other bad habits completely.
In 2020, we see that these poor habits not only persist, but are compounded by the acceleration to remote working. If this poor behaviour goes unchanged, it will further undermine any confidence employees and organisations have in remote working and leave them open to losing data either by accident or by cyber hacker design.
For example, 30% of employees still use personal email accounts to share confidential work materials. A third of people use the same password to log into work and personal devices. When it came to unfettered access, nearly half (43%) face no restrictions by their employers when accessing work-related documents and materials remotely.
However, we see that employers have been slow to close potential gaps exposed in the sudden move to remote working which is potentially enabling more poor employee habits emerge. Over one third of employers agree their employees are taking more risks with cyber security than they did before the pandemic. What is concerning is 41% of employers admit that it has become more difficult to be GDPR compliant as a result of the pandemic.
Even more alarming is that some organisations are potentially side-stepping their own security procedures in the name of expediency, with a third of leaders saying they are still exposed because they had to make decisions so quickly. A significant number, 45% of employers have asked their employees to use their personal devices for work since the start of the pandemic. Of those asking employees to use personal devices, a worrying 42% of employers have done nothing to secure such devices.
This is a potentially dangerous move. In our most recent Digital Defense Report, published in September 2020, we reported an escalation in both the level and sophistication of attacks.
- For example, in 2019, we blocked over 13bn malicious and suspicious mails, out of which more than 1bn were URLs set up for the explicit purpose of phishing credential attacks.
- Ransomware is the most common reason behind our incident response engagements from October 2019 through July 2020.
- The most common attack techniques used by nation-state actors in the past year are reconnaissance, credential harvesting, malware, and virtual private network (VPN) exploits.
Cyber hackers are opportunistic, skilled, and relentless. They have become adept at evolving their techniques to increase success rates, whether by experimenting with different phishing lures, adjusting the types of attacks they execute or finding new ways to hide their work.
While our physical locations where we work may have changed, our responsibilities in protecting organisational data and complying to data regulations have not.
Now is the time to address this with an increased investment in cybersecurity, secure devices, tighter policies, more support, and education for employees to better protect themselves and their organisation.
2020 could be the year that organisations fully digitally transform, but we need to ensure the fundamentals are not ignored.
But the good news is that Irish organisations understand this with 41% admitting they are behind the curve when it comes to having the right digital services and technologies in place to deal with new working realities. Our research shows that organisations will increase their investment, while most of the rest will maintain the current level. Much of their investment will be driven by the need to upskill and equip remote working employees to work more securely in future. In fact, 38% of organisations have already increased the level and detail of cybersecurity training for staff who are working from home. A further 52% will prioritise investing in training in 2021.
But training is only part of the solution, and 41% will invest in devices and policies to support remote working. What is really interesting is that nearly a quarter of organisations (24%) will no longer plan to purchase desktop devices for their employees, which reflects their acceptance and need to adapt to the new world of work.
Changing Attitudes to Cloud Services
The Pandemic has also served to accelerate the adoption of cloud computing. The experience of the pandemic and subsequent lockdown has familiarised many more with such cloud-based services. Indeed, 57% of remote workers say their attitude towards the use of cloud-based services has positively changed because of COVID-19.
The pandemic has changed how we work for good. When we look back at 2020 (and beyond the pandemic) it could be the year that organisations fully digitally transform, let’s make sure we do not ignore the fundamentals to our detriment and ensure a secure hybrid future. Now is the time to build a solid security foundation to enable your hybrid employees work with confidence – confidence in the systems, confidence to share, and confidence in knowing that they are not a potential single point of failure for a data breach in an age of sophisticated threats.
If you find these insights interesting then please listen back on our Reimagine Cybersecurity event where you will hear the views of our customers and partners.