Perfect storm of cyber security risks threatens the hybrid workplace says report
- Published: Friday, 29 October 2021 09:42
HP Inc. has released its latest HP Wolf Security report: ‘Out of Sight & Out of Mind’, a comprehensive global study highlighting how the rise of hybrid work is changing user behavior / behaviour and creating new cyber security challenges for IT departments.
The research shows that a growing number of users are buying and connecting unsanctioned devices outside of IT’s purview. It also highlights that threat levels are rising, with attackers increasingly successful at bypassing defenses / defences and tricking users into initiating attacks through phishing. All of this is making IT support more complex, time-consuming, and costly than ever.
The report combines data from a global YouGov online survey of 8,443 office workers who shifted to working from home (WFH) during the pandemic, and a global survey of 1,100 IT decision makers conducted by Toluna.
Key findings include:
- New Shadow IT buying and installing endpoints with security out of mind: Shadow IT typically refers to non-IT departments deploying software beyond the control of IT. This shadow is now spreading, with individuals procuring and connecting devices without being checked by IT. 45 percent of office workers surveyed purchased IT equipment (such as printers and PCs) to support home working in the past year. However, 68 percent said security wasn’t a major consideration in their purchasing decision, while 43 percent didn’t have their new laptop or PC checked or installed by IT, and 50 percent said the same of their new printer.
- Phishing becoming increasingly successful: 74 percent of IT teams have seen a rise in the number of employees opening malicious phishing links or attachments on emails in the last 12-months. 40 percent of office workers surveyed aged 18-to-24 have clicked on a malicious email with almost half (49 percent) saying they have done so more often since working from home. Of office workers that clicked or nearly clicked a link, 70 percent didn’t report it to IT – 24 percent didn’t think it was important, 20 percent cited the ‘hassle factor’, while 12 percent had a fear of reprisal or being punished.
- Increase in devices being compromised fuels growth in rebuild rates: 79 percent of IT teams report rebuild rates increased during the pandemic. Rebuild rates directly correlate to the number of endpoints that require wiping and reimaging because they have been compromised, which implies more attackers are successfully breaching outer defenses. The real figure could be higher still: 80 percent of IT teams worry that employee devices might be compromised and they don’t know about it.
- With threats rising, it’s becoming more difficult for IT teams to deliver security support. 77 percent of IT teams said the time it takes to triage a threat has increased in the past year, while an estimated 62 percent of alerts relating to the endpoint are false positives, leading to wasted time. With IT teams tied up dealing with alerts, it’s becoming harder for them to onboard employees and identify threats:
- 65 percent of IT teams said that patching endpoint devices is more time-consuming and difficult due to the mass shift to home working, while 64 percent said the same of provisioning and onboarding new starters with secure devices.
- As a result, IT teams estimate the cost of IT support in relation to security has risen by 52 percent in the last 12-months.
- 83 percent of IT teams said the pandemic has put even more strain on IT support because of home worker security problems, while 77 percent of IT teams say homeworking is making their job much harder and that they fear
Read the report (PDF).