The increasing number of employees working remotely today is causing grey hairs for infosec and business leaders with cybersecurity responsibilities, according to a new Cisco Systems survey.
Eighty-four per cent of the 6,700 respondents surveyed — including 81 per cent of the 300 Canadian respondents — said logging in remotely as part of hybrid work has increased cybersecurity risks for their organization.
Identical numbers — 84 per cent of global respondents and 81 per cent of Canadian respondents — believe unregistered devices used by staffers are likely to cause cybersecurity incidents for their organization.
And, not unexpectedly, there are large numbers of staffers using unregistered laptops, tablets, and smart phones for remote access. Eighty-four per cent of global respondents — and 79 per cent of Canadians — say their employees are logging onto work platforms from unregistered devices.
Seventy-one per cent of global respondents — including 65 per cent of Canadians — say their employees spend more than 10 per cent of the day working from unregistered devices. Forty-four per cent of global respondents said their employees are spending 20 per cent of their day or more on an unregistered device logged on to the company network.
The numbers point to the fact that “security took a backseat” when organizations were forced to shift workloads to the cloud fast, early in the pandemic, Jason Maynard, Alberta-based field chief technology officer for cybersecurity at Cisco Systems Canada, said in an interview.
The report points to the significant challenges infosec pros face in securing a remote workforce. Employees want a similar experience to working in the office, he said, but with security controls that don’t make it harder for them to do their jobs.
“It’s not just about work-from-home anymore,” he added, “it’s working from anywhere.” Employees are connecting over home, cellular, or coffee shop WiFi networks, he said. In fact 54 per cent of global survey respondents — and 58 per cent of Canadians — said their employees are connecting to the office over as many as five different networks. Another 22 per cent of global respondents — and 18 per cent of Canadians — said their staff have been connecting over as many as nine different networks.
Infosec leaders need to develop strategies and technologies that rate the level of trust of these devices and mitigate risk factors, Maynard said.
That may mean, for example, refusing to allow a device to access corporate data unless an antivirus and firewall are enabled. If the device is coming from an untrusted location, multifactor authentication may have to be added.
“Resilience is about verifying threats, understanding connections across your organization, and seeing the full context of any situation so you can prioritize and ensure your next action is the best one,” the report says.