A new survey shows that the massive expansion of home office use has left companies around the world with serious gaps in IT security. 92 percent of all respondents have suffered at least one malware attack.
“Outside the boundaries: The future of cybersecurity in the new world of work” is the title of a study carried out by Forrester market researchers on behalf of the security experts at Tenable. It deals with the question of how the expansion of corporate networks to the outside world, i.e. into the home office, has affected IT security. In doing so, it comes to disastrous results.
92 out of 100 companies fell victim to one or more hacking attacks during the first year of the pandemic
Forrester interviewed over 1,300 participants over the phone. These include security experts and company executives as well as almost 500 home office users. The survey took place in April and includes employees from companies from ten countries, including Germany. Of the executives surveyed, 92 percent said they were victims of a malware attack between March 2020 and March 2021. 70 percent of company representatives even had to accept three or more such attacks.
67 percent of all attacks were directed against employees in the home office – making the home office gateway the most important attack vector. The reasons for this are understandable.
Home office had to be raised from the ground up – at the expense of security
Working from home had to be introduced in the wake of the corona pandemic in a quick snap. Employees from the IT department will not have installed significantly more than one VPN client on the computers of those migrating to the home office. Almost half of all IT people in the survey also stated that effective protection of the home office computer was simply not possible due to a lack of insight into the respective home networks of the employees.
Those employees were then attacked by malicious actors using common methods. Malware was largely washed onto home workers’ computers via phishing and social engineering. The attackers relied on current fear topics relating to the novel coronavirus in order to trigger the willingness of their victims to click.
The security experts from the Munich-based company F5 Labs were also able to document an increase in phishing and malware with corona fear topics by more than 200 percent compared to the time before the pandemic. And the cybersecurity company Proofpoint, together with the private Ponemon Institute, presented a study on phishing attacks on US companies in August 2021, which showed that the 591 IT managers surveyed recorded significantly higher losses from phishing attacks was. The respondents put the damage at about $ 14.8 million. That represents almost a quadrupling of the damage amount since 2015.
Working from home remains – companies respond with more IT staff
The respondents from the Forrester study now primarily want to increase their staff in order to be able to counter the threat situation with more manpower in the future. None of the respondents believe that the home office situation will relax as almost all employees return to the office. Rather, they assume that the home office will become a regular workplace for far more people than before.
The 34-page study can be downloaded as a PDF free of charge and without further ado.