Are Organizations Sleepwalking Into A Cybersecurity Crisis?
As consultancy firm Deloitte explains in their latest Future of Cyber survey, the COVID-19 pandemic has heralded a tremendous rise in operational complexity, with hybrid workplaces becoming the norm, cloud technology mushrooming in importance, and devices becoming ever more connected. This complexity has created a growing target for cybercriminals, and it’s a problem that Unisys believe we are not taking anywhere near seriously enough.
Each year the company produces its Security Index, and they argue that the social transformation caused by the pandemic has made this year's snapshot of global cybersecurity as important as ever before. The report, which is based on a survey of 11,000 consumers spread across 11 countries, reveals that despite high levels of concern around cybersecurity among employees, they often fail to perform even basic cyber hygiene behaviors to keep themselves safe.
"A lack of awareness around basic cybersecurity risks and threats is causing employees to unknowingly undertake risky behavior – putting their employers in jeopardy in the process," the authors say.
Ignorant of the risks
The report, which is in its 15th year, comes at a time in which around two-thirds of workers have been operating remotely at least part-time. What's more, this shift has often occurred incredibly quickly, with organizations adopting various cloud-based digital workplace tools almost overnight so that they could continue functioning somewhat normally.
As the pandemic has unfolded, concerns have shifted away from one's health and the state of one's employment towards matters of cybersecurity, with a 12-point rise placing the issue at the top of the global agenda. This growing level of concern is not, however, matched by the skills, tools, or processes needed to tackle the problem effectively.
"However, despite this increased level of concern around internet security, the survey found that a lack of awareness around cybersecurity threats is leading employees, especially those working from home part or full-time, to inadvertently put their employer’s network at risk," the report says.
For instance, nearly 40% of respondents said they would have no qualms about clicking on suspicious links, despite phishing attacks representing around 80% of cybersecurity incidents today. This lack of hygiene was especially pronounced on our mobile devices, with just under half saying they weren't as careful when working on their phone as they are on their laptop or desktop computers.
The picture is even bleaker when it comes to more advanced approaches, such as SIM jacking: just 21% of people were familiar with the attack that recently befell Twitter CEO Jack Dorsey. This is compounded by a general lack of awareness of who one should report attacks to, with most appearing to rely on their service provider to detect any suspicious activity and alert them.
"The resulting risks to businesses cannot be overstated," the authors explain. "The move to remote working occurred alongside a marked increase in cybersecurity threats – with malware rising as much as 358% from 2019 to 2020."
The general lack of awareness about cybersecurity or digital hygiene is leaving organizations incredibly vulnerable to attack. For instance, around half of employees said that they had downloaded an app or software that hadn't been approved by their IT team. When justifying this behavior, most responded that they regularly used these apps in their personal time, so they assumed they were safe. Similar numbers blamed poor provision by their employer, regarding the apps they chose themselves as better quality than those their employer provided.
A ticking bomb
Such practices are only going to increase as employees demand more control and autonomy over not just where they work but also how they work, which will include the tools they use to do so. With the technology landscape evolving rapidly, it can be incredibly difficult for security teams to keep up with the multitude of tools and environments people are utilizing. Furthermore, the potential for employees to download and install unauthorized and potentially unsafe apps onto the company network is considerable.
Indeed, the report highlights data showing that malware delivered over company networks grew by 68% in the second quarter of 2021, with cloud storage apps accounting for the majority of malware delivery today.
The report emphasizes the importance of trust between employer and employee regarding the tools people use, but there also seems to be a clear need to improve the digital hygiene skills across the workforce so that employees can make safer and more secure decisions.
"Given the volume and complexity of cybersecurity threats today, businesses need to build trust with employees, closely monitor how and where applications are hosted, ensure the entire workforce has seamless connectivity and experience, and implement centralized controls if organizations want to guarantee protection from cybersecurity threats no matter where their employees are connecting from," the report concludes.
If hybrid working is to form a big part of the “new normal” as we emerge from the pandemic, then it’s vital that organizations do a much better job of introducing the skills and the processes across their workforce to ensure that it can be performed safely and securely. The last 18 months have certainly shown that hackers will have no qualms about picking off those firms that don’t manage it.