Half of organisations experience remote working security incidents

With the majority of companies believing the future of work will be remote or “hybrid”, Tessian reveals the security pitfalls of the new work-from-anywhere world.

Wednesday, 30th September 2020, by Phil Alsop

A new report from email security company Tessian reveals that 75% of IT decision makers believe the future of work will be remote or “hybrid” - where employees choose to split their time between working in the office and anywhere else they’d like. As businesses try to deliver a seamless hybrid experience, Tessian’s Securing the Future of Hybrid Working report reveals the security risks they must overcome and the pressures on IT teams.

A New Look for the Modern Workforce

Employees are in favor of a hybrid working structure; just 11% of respondents said they’d want to work exclusively in the office post-pandemic, with the average employee wanting to work from home at least two days a week. In fact, one-third said they would not consider working for a company if it didn’t offer remote working.

This new way of working may come at the IT department’s expense, though. 85% of IT leaders believe permanent remote work will put more pressure on their teams, while over a third (34%) are worried about their workers becoming stretched too far in terms of time and resource.

Phishing: The Threat of Choice

The majority of IT decision makers (82%) think that employees are at greater risk of phishing attacks when working remotely. Their concerns are valid; over three-quarters (78%) of employees said they received a phishing email while working on their personal laptop between March and July 2020, and 68% admitted to clicking a link or downloading an attachment within that email.

In fact, nearly half of companies surveyed experienced a data breach or security incident between March and July 2020, with half being caused by phishing attacks - making it the leading cause of security incidents during this period of remote working. One-third of IT decision makers also reported an increase in ransomware attacks delivered via phishing emails between March and July 2020 compared to the five months prior, while a quarter (24%) experienced a rise in vishing (voice spear phishing) attacks.

The report reveals that hackers most commonly impersonated software providers in their phishing scams, closely followed by external suppliers and healthcare organizations.

Greater Risk of Insider Threats

In addition to attacks from outsiders, 78% of IT leaders also believe their organization is at greater risk of insider threats, such as employees bringing infected devices or documents into the office or sharing sensitive information with personal accounts, should their company adopt a permanent hybrid working structure. In fact, over a quarter (27%) reported higher rates of security breaches caused by insider threats between March and July 2020.

Channels to Stay Connected

Over half of employees (57%) were more reliant on email as a channel to stay connected with colleagues while working remotely, creating a bigger opportunity for hackers to carry out phishing and impersonation attacks on email. In fact, Tessian detected over 128,000 malicious emails between March and July 2020, when most people were working remotely.

Another 57% of respondents say they rely more on instant messaging platforms to stay connected, while 68% depend more on video conferencing. With some form of remote work here to stay, hackers will continue to find ways to take advantage of the channels people most rely on to advance their scams.

“People don’t want to give up the level of flexibility they have experienced this year, and businesses must transform in order to meet their staff’s expectations,” said Tim Sadler, CEO and co-founder of Tessian. “While it is great for employees, a hybrid way of working actually offers the worst of both worlds for IT teams who have to simultaneously manage and mitigate security risks that occur both in and out of the office, while providing a seamless experience that enables employees to work-from-anywhere.

“With limited resourcing and budget, this isn’t going to be easy. But failure to do so could threaten companies’ security posture and see businesses losing out on talent. Education on the threats people could be exposed to and the threats they pose to company security is an important first step. Businesses also need to invest in solutions that alleviate the pressure on IT teams, providing them with greater visibility into employee behaviors, automating manual tasks and alerting employees to threats to prevent them from causing security incidents before they happen.”