The transition from a largely office-based workforce to having most employees working from home has left many organizations exposed to cyberattacks. While having employees working from home does not necessarily mean a weakening of security defenses, the problem has been the speed at which the changes had to be made. The rapid change to an at-home workforce as a result of the Covid-19 pandemic has meant organizations have not had sufficient time to prepare and address vulnerabilities.
According to Alliant Cybersecurity, this is especially the case with small to medium sized companies that have had little previous experience with telecommuting. Alliant Cybersecurity conducted a survey on 507 senior decision makers at companies with 500 or fewer employees in April to determine how well organizations have addressed the challenges associated with a move to a largely at-home workforce. The survey revealed 52% of organizations that have switched to virtual and remote working did not previously allow employees to work from home and had no experience of dealing with remote workers.
Despite the lack of experience, a large percentage of those firms were confident that they had implemented the appropriate policies, procedures, and security measures to ensure that cybersecurity threats were effectively mitigated. 45% said they were very confident they had effectively mitigated cybersecurity threats, with a further 45% saying they were somewhat confident that threats had been mitigated.
While it would certainly be good news if threats had been neutralized, it would appear that confidence may be somewhat misplaced. Closer scrutiny of the companies revealed that may had not taken the necessary actions to effectively mitigate risk and are at a much higher risk of experiencing a successful cyberattack.
22% of respondents said they transitioned to remote work rapidly without having a clear policy on how to mitigate cybersecurity threats. Only 17% said they were aware that their organization faced an increased risk of a cyberattack as a result of having employees working from home, and 12% said they would not know how to respond to a cyberattack if one occurred.
21% of senior decision makers that took part in the study admitted they need to invest more in cybersecurity solutions to protect against attacks. 24% said they have not created a response plan to deal with a cyberattack and appreciated that one was required. 13% of companies represented in the survey said they had already experienced a cyberattack during the COVID -19 pandemic.
“Many senior decision makers simply haven’t come to reality with their cybersecurity capabilities,” explained Rizwan Virani, president of Alliant Cybersecurity.
A separate study conducted by the ISP specialist Beaming highlighted the importance of improving cybersecurity defenses. During the first 3 months of 2020, the number of cyberattacks on UK businesses had increased by nearly a third compared to the same time last year. Their analysis revealed an average UK business experienced 157,000 attempted attacks during the period of study, which is up from 120,000 attempted attacks per company this time last year.
“Businesses of all sizes need to take the threat seriously and take sensible steps to improve their resilience to attack, particularly now that the risk is magnified with so many people working from home,” said Sonia Blizzard, managing director of Beaming.