Half of organizations experienced security incidents while working remotely

October 1, 2020

A new report from email security company Tessian reveals that 75% of IT decision makers believe the future of work will be remote or “hybrid” - where employees choose to split their time between working in the office and anywhere else they’d like. As businesses try to deliver a seamless hybrid experience, Tessian’s Securing the Future of Hybrid Working report reveals the security risks they must overcome and the pressures on IT teams.

A New Look for the Modern Workforce

Employees are in favor of a hybrid working structure; just 11% of respondents said they’d want to work exclusively in the office post-pandemic, with the average employee wanting to work from home at least two days a week. In fact, one-third said they would not consider working for a company if it didn’t offer remote working.

This new way of working may come at the IT department’s expense, though. 85% of IT leaders believe permanent remote work will put more pressure on their teams, while over a third (34%) are worried about their workers becoming stretched too far in terms of time and resource.

Phishing: The Threat of Choice

The majority of IT decision makers (82%) think that employees are at greater risk of phishing attacks when working remotely. Their concerns are valid; over three-quarters (78%) of employees said they received a phishing email while working on their personal laptop between March and July 2020, and 68% admitted to clicking a link or downloading an attachment within that email.

In fact, nearly half of companies surveyed experienced a data breach or security incident between March and July 2020, with half being caused by phishing attacks - making it the leading cause of security incidents during this period of remote working. One-third of IT decision makers also reported an increase in ransomware attacks delivered via phishing emails between March and July 2020 compared to the five months prior, while a quarter (24%) experienced a rise in vishing (voice spear phishing) attacks.

The report reveals that hackers most commonly impersonated software providers in their phishing scams, closely followed by external suppliers and healthcare organizations.

Greater Risk of Insider Threats

In addition to attacks from outsiders, 78% of IT leaders also believe their organization is at greater risk of insider threats, such as employees bringing infected devices or documents into the office or sharing sensitive information with personal accounts, should their company adopt a permanent hybrid working structure. In fact, over a quarter (27%) reported higher rates of security breaches caused by insider threats between March and July 2020.

Channels to Stay Connected

Over half of employees (57%) were more reliant on email as a channel to stay connected with colleagues while working remotely, creating a bigger opportunity for hackers to carry out phishing and impersonation attacks on email. In fact, Tessian detected over 128,000 malicious emails between March and July 2020, when most people were working remotely.

Another 57% of respondents say they rely more on instant messaging platforms to stay connected, while 68% depend more on video conferencing. With some form of remote work here to stay, hackers will continue to find ways to take advantage of the channels people most rely on to advance their scams.

“People don’t want to give up the level of flexibility they have experienced this year, and businesses must transform in order to meet their staff’s expectations,” said Tim Sadler, CEO and co-founder of Tessian. “While it is great for employees, a hybrid way of working actually offers the worst of both worlds for IT teams who have to simultaneously manage and mitigate security risks that occur both in and out of the office, while providing a seamless experience that enables employees to work-from-anywhere.

“With limited resourcing and budget, this isn’t going to be easy. But failure to do so could threaten companies’ security posture and see businesses losing out on talent. Education on the threats people could be exposed to and the threats they pose to company security is an important first step. Businesses also need to invest in solutions that alleviate the pressure on IT teams, providing them with greater visibility into employee behaviors, automating manual tasks and alerting employees to threats to prevent them from causing security incidents before they happen.”

Read Tessian report, in full, here: Securing the Future of Hybrid Working.
(https://www.tessian.com/research/the-future-of-hybrid-working/)

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

How can security leaders charged with investigations handle the management of interviewers and interrogators, as well as handle interviewing, including dealing with false confessions and misleading information?

Poll

Recruiting Diverse Candidates

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Half of organizations experienced security incidents while working remotely

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Half of organizations experienced security incidents while working remotely

Related Articles

Related Products

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.