The number of cyberattacks and cyber risks continues to rise. In 2022, we again broke several cybercrime and cybersecurity records, including regarding the cost of a data breach and phishing, to name a few.
The increased cybersecurity concerns have not gone away. They have also grown for several years now and result from several factors, as mentioned in several articles.
79 percent of organizations agree that remote working adversely affected their cybersecurity and increased the burden on security teams.
Before 2020, there was already, among other things, an increase in third-party risks and software supply chain attacks with an ever-growing attack surface due to ongoing digitization and accelerating digital transformation. Added to that was the growth of attacks on IT and OT systems with Industry 4.0, the Internet of Things, and cyber-physical convergence in general.
As IDC says in a July 2022 update on IT security spending, those attacks on IT and OT systems have increased even more following the outbreak of the war in Ukraine.
The challenges of remote work from a security perspective during the pandemic
And then, there was a massive increase in cybercrime during the pandemic. One of the risks here was the transition to remote work – where possible – with still quite a lot of remote and hybrid working going on today (and in the following years as the future of work evolves).
Along with the overall decentralization of IT, this transition – temporary or otherwise – to remote working and more permanent hybrid working has created many cybersecurity challenges.
70 percent of organizations believe their workforce was more productive working from outside the office (2022 Mobile Security Index)
There are several reasons for this:
- IT and security teams were under pressure because everything had to happen very quickly and in many areas at the same time, leading to sacrifices on a security level;
- Even today, when the pressure of those first years has gone, new challenges and urgencies keep adding to the workload while recruiting cybersecurity talent remains tough, making it hard to catch up in some areas;
- Many companies and workers had no – or only little – previous experience with remote work, a significant security challenge in itself;
- A solution for remote work consists of several components that all have their weaknesses, and it carries several risks regarding attack surface management given the expansion of the attack surface;
- Remote working is about people, and less digitally experienced people tend to pose a greater risk,
- The gigantic transition to remote working didn’t escape the attention of cybercriminals who saw tremendous opportunities.
Security of mobile devices and remote systems too often leaves much to be desired
This list is certainly not exhaustive. More important is the question of what has been the impact of remote work on cybersecurity, particularly mobile security. And what are companies doing to address and, where possible, tackle the risks and attacks that come with remote and hybrid working?
The Verizon Mobile Security Index 2022 (released in July 2022 and surveyed approximately 600 decision-makers in April 2022) looks at some of these issues.
According to the report, remote work is leading to a sharp increase in cybercrime. So let’s tackle a few reasons why.
Almost two-thirds (66 percent) of companies state that they had previously been pressured to sacrifice mobile-device security “to get the job done,” with 52 percent succumbing to that pressure.
First, it’s worth noting that per the Verizon Mobile Security Index 2022, the number of significant attacks involving a mobile and/or IoT device rises, with 45 percent of responding organizations having experienced a compromise over the past 12 months (so, ending April 2022). That’s an increase of 22 percent compared to the year before.
An impressive seventy-nine percent of respondents agreed that “recent changes to working practices have adversely affected their organization’s cybersecurity.” And it’s definitely not about changing working practices or remote work as such nor about workers (alone).
One of the main reasons is that security teams face an uphill battle with the increasing number of devices, remote workers, and locations that come with remote/hybrid working – and with all the resulting threats and risks. And of course, there’s more than “just” the devices, solutions, and tech. Think about security training and policies, for instance.
Yet, there is a lack of time and support to make it all happen, although budgets for mobile security are there per the report.
45 percent of organizations had recently experienced mobile-related compromise, almost twice as many as in the 2021 survey.
It already shows on the policies that don’t seem to be adapted to a different world of work since 85 percent of respondents say that home Wi-Fi and cellular networks/hotspots are allowed or that there is no policy against them, while 68 percent allow or have no policy against the use of public Wi-Fi.
With all the pressure to get work done on time and meet deadlines/goals, quite a few respondents admit that mobile device security is not what it was supposed to be.
Almost two-thirds (66 percent) of companies state that they had previously been pressured to sacrifice mobile-device security “to get the job done,” with 52 percent succumbing to that pressure.
The increase in the number of devices and remote workers is a difficult challenge for security teams. If the security of mobile devices and remote work applications does not happen properly, this means extra work or problems later on. Of course, in most cases, people are aware of this. But the findings on how companies deal with their mobile security policy show that this does not really translate into action. So much work is still needed, especially if we look at other report findings.
Despite all the concerns and challenges, as the report’s landing page states, 70% of organizations believed their workforce was more productive working from outside the office, per the survey.
More of those findings on mobile security, the report, and remote work and security in the full Verizon Mobile Security Index 2022 (registration required).