Almost three quarters of large businesses believe remote working due to the COVID-19 crisis are making their companies more vulnerable to cyberattacks, according to a new report released Tuesday by global telecommunications company AT&T.
The study surveyed 800 cybersecurity professionals across the UK, France and Germany and found that while 88% initially felt "well prepared" for the move to remote working, currently only slightly more than half (55%) believe the move has made their companies more or much more vulnerable to cyberattacks. This figure increases to 70% for large businesses with over 5,000 employees.
"Cybercriminals are opportunistic, taking advantage of the fear and uncertainty surrounding issues like the current global health and economic situation as well as sudden shifts and exposures in IT environments to launch attack campaigns," said John Vladimir Slamecka, AT&T region president, EMEA. "It can be a challenge for IT organizations to stay on top of emergent threat activity in the wild."
Employees are the biggest risk identified by the cyber experts, according to the AT&T report. The survey pointed to a lack of awareness, apathy and/or reluctance to adapt to new technologies as the biggest challenge to implementing good cybersecurity practices within their business (31%).
Cyber professionals reported that one in three (35%) employees are using devices for both work and personal uses, one in four (24%) are sharing or storing sensitive information in unsanctioned cloud applications, and almost one in five (18%) are sharing their work device with another family member.
The report further found that while many businesses have introduced new cybersecurity measures to mitigate risks since the onset of COVID-19, a large minority have not taken basic steps to protect a suddenly remote workforce. One quarter (25%) have not offered additional cybersecurity training for employees; 24% have not created secure gateways to applications hosted in the cloud or in a data center; 22% have not increased endpoint security to protect laptops and mobile phones; and 17% have not implemented internet browsing protection from web-based threats.
As such, cybersecurity experts are concerned with 44% citing ransomware and/or malware attacks as their top security worry. Phishing scams (39%) and external threats such as nation-state attacks or hacking (39%) round off their top three concerns.
This new reality is also causing businesses to transform, with 47% expecting more digital transformation of business processes and cloud implementation in the year to come. Two in five (40%) believe that their business will adopt new automation and robotic tools. For the largest businesses, those with more than 5,000 employees, nearly half (48%) said they will be changing their technology partners in the next year.
"While many organizations had already supported some remote workers on a regular basis, the sudden increase has put stress on IT systems, processes, and teams," said Slamecka. "Others have had to scramble to quickly roll out solutions focused on keeping their entire workforce connected and productive.
"In either case, sudden and unplanned changes in the way workers connect to the corporate network and access corporate data and applications in the data center and cloud can introduce new cyber risks and vulnerabilities," he added. "This is the time to put robust security measures into place that will protect employees and companies for the opportunities and challenges of the future."