Cybersecurity doorways left ajar in the race to remote work

SailPoint Technologies Holdings, Inc. released an international study revealing security pitfalls that stem from remote work. The human workforce always comes with a certain security risk level, as hackers continue to target humans as the enterprise's weak link. Yet, with the COVID-19 shutdowns, and the subsequent need to enable remote work by opening up access to entire workforces, many organizations inadvertently opened the door to expansive risk. The survey uncovered several security threats with every worker whose access was freely granted without proper security controls in place, including phishing attempts, using personal devices for work and vice versa, and sharing passwords with friends and family.

"When the pandemic began, businesses had to flip a switch to enable remote work nearly overnight. In this rush, many companies focused on granting access, skipping over the securing of that access. This resulted in an explosion of unsecured technology access across the business," said Juliette Rizkallah, CMO, SailPoint. "You cannot do business today without technology, and you cannot securely use technology without identity security. Companies are recognizing how foundational identity security is to their business as we continue to work from home. Those who had identity security in place were set up for success, while those without strong identity security programs found themselves in an unexpected risk management time crunch."

SailPoint's survey engaged a representative sample size of consumers 18+ across the United States, the United Kingdom, France, Germany, Australia, and New Zealand, digging into seemingly innocent overlaps that a newly remote employee may experience during life working from home. While the COVID-19 pandemic is the worst health crisis seen in nearly a century, bad actors view it as a way into a company. Nearly half (48%) of total U.S. respondents said they had experienced targeted phishing emails, calls, or texts in a personal or professional capacity during the first six months of remote work. Similarly, over half of EMEA and ANZ respondents (51%) experienced a phishing attack since the pandemic began, with one in ten (10%) reporting they were targeted by one or more a week.

Rizkallah commented, "In the case of phishing, hackers target employees with malicious links embedded in carefully crafted emails. Upon clicking, employees unknowingly download keylogging software onto their PC providing their credentials to malicious actors. Hacker can then freely access important business assets and data, masquerading as a legitimate employee. With identity security, suspicious user behavior anomalies such as large data downloads, or after hours activity, can be quickly spotted and remediated by making users change their password or by revoking access until anomalies are analyzed and cleared.”

As the lines between home, work, and school fade, so too have the barriers businesses put in place to keep employee’s personal and professional information secure. In addition to employees using their own devices, the survey found 1 in 3 U.S. employees and half of employees in EMEA, Australia, and New Zealand use their own computers and smartphones to work remotely. SailPoint's findings also show that password sharing has become more commonplace within households during the pandemic. 1 out of 4 respondents shared work passwords with a third-party, including partners, roommates, or friends.

Rizkallah concluded, "Sharing passwords across work and personal accounts can lead to multiple systems to be compromised. Once a hacker has those credentials, they can walk right into the corporate network. Access needs constant protection no matter how the workforce evolves, it is not enough to simply grant it. With so many new tools, platforms, databases, cloud infrastructures, and more that makeup today's digital enterprise, every organization today requires a scalable and dynamic identity solution to protect every worker and every access point they have to sensitive business assets no matter the device or location they choose to work from—office or home.”

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.