Despite security issues and concerns resulting from the massive and sudden increase in work-from-home (WFH) initiatives caused by the global COVID-19 healthcare crisis, one-third (38 percent) of U.S. companies observed productivity gains during remote work and 84 percent anticipate broader and more permanent WFH adoption beyond the pandemic.
The 2020 Remote Work-From-Home Cybersecurity Report, sponsored by Pulse Secure and produced by Cybersecurity Insiders, offers perspective on WFH challenges, concerns, strategies and anticipated outcomes. The survey, conducted in May of 2020, polled more than 400 IT security decision practitioners across a broad representation of industries and companies between 500 and more than 5,000 employees. The survey found that 33 percent of U.S. companies anticipate some positions moving to permanent remote work and over half (55 percent) plan to increase their budget for secure remote work in the near-term.

WFH adoption accelerated cloud app growth and business continuity challenges

The research indicates that three-quarters of businesses now have more than 76 percent of their employees working from home compared to just under 25 percent at the close of 2019.  While a third of respondents cited their business being “ill prepared or not prepared” for remote working, 75% of businesses were able to transition to remote working within 15 days. Less than a third expressed cost or budget problems, demonstrating the urgency to support their business. Additionally, more than half (54 percent) expressed that COVID-19 has accelerated migration of users’ workflows and applications to the cloud.

Increase in WFH employees fuels security and compliance issues

In terms of security risks, two-thirds (69 percent) are concerned with WFH security risks with the majority expressing low user awareness training, insecure home/public WiFi networks, use of at-risk personal devices and sensitive data leakage as prime threat contributors. In terms of application exposure, respondents feel anxious over file sharing (68 percent), web apps (47 percent) and video conferencing (45 percent) risks.

While 78 percent expressed enforcing the same level of security controls and data management for on-premise and remote users, a further 65 percent allowed access from personal, unmanaged devices. Two-thirds of IT security professionals anticipate malware, phishing, unauthorized user and device access and unpatched/at risk systems to be the most exploitable WFH attack vectors. In addition, 63 percent expressed that remote work could impact compliance mandates that apply to their organization; especially GDRP, PCI-DSS, HIPAA and those with data breach notification.

Wider trends toward security tools consolidation

Survey respondents employed various tools to secure remote work/home office scenarios with the top four controls being endpoint security, Firewalls, virtual private networks (SSL-VPN) and multi-factor authentication (MFA).  According to separate research by Enterprise Management Associates, 57 percent of organizations regard the consolidation of access management solutions into a single platform to be a high or extreme priority for their business this year.

“The mass adoption of WFH has highlighted the need for organizations to embrace more holistic secure access strategy that supports both flexible working and the growing shift towards hybrid IT. The most effective IT management solutions are platforms that are both modular and integrated,” noted Steve Brasen, research director with Enterprise Management Associates. “Modular solutions allow organizations to adopt the exact feature set they require to meet business needs. However, solutions must also be fully integrated to yield desired management efficiencies."