Tenable has published results of a study that found 72% of UK organisations attribute recent business-impacting* cyberattacks to vulnerabilities in technology put in place during the pandemic, while 68% suffered attacks that targeted remote workers. The data is drawn from ‘Beyond Boundaries: The Future of Cybersecurity in the New World of Work,’ a commissioned study of more than 1,300 security leaders, business executives and remote employees, including 168 respondents in the U.K., conducted by Forrester Consulting on behalf of Tenable.
Over a year after work-from-home mandates went into effect, many organisations are planning their long-term hybrid and remote work models. In fact, 70% of U.K. organisations now support remote employees, compared to 31% prior to the pandemic, while 86% plan to permanently adopt a remote working policy or have already done so. But embracing this new world of work has opened organisations to new and unmanaged cyber risk.
Enabling a workforce without boundaries: Only 48% of U.K. organisations are adequately prepared to support hybrid working models from a security standpoint. The result is that 78% of security and business leaders believe their organisation is more exposed to risk as a result of remote work.
Cloud adoption accelerated for critical systems: As part of changes made in response to the pandemic, 46% of organisations moved business-critical functions to the cloud, including accounting and finance (42%) and human resources (33%). When asked if this exposed the organisation to increased cyber risk, 80% of security leaders believed it did.
Attackers are taking advantage: 90% of organisations experienced a business-impacting cyberattack* in the last 12 months, with 51% falling victim to three or more.
“Remote and hybrid work strategies are here to stay and so will the risks they introduce unless organizations get a handle on what their new attack surface looks like,” said Amit Yoran, CEO, Tenable. “This study reveals two paths forward — one riddled with unmanaged risk and unrelenting cyberattacks and another that accelerates business productivity and operations in a secure way. CISOs and CEOs have the opportunity and responsibility to securely harness the power of technology and manage cyber risk for the new world of work.”
Hybrid work models and a digital-first economy have brought cybersecurity front and center as a critical investment that can make or break short- and long-term business strategies. To address this demand, 75% of U.K. security leaders plan to increase their network security investments over the next 12 to 24 months; 73% will increase spend on cloud security; 66% plan to spend more on vulnerability management.
“The rapid adoption of technology to support a hybrid working model and moving business-critical functions to the cloud were a necessity driven by circumstance,” said David Cummins, VP of EMEA, Tenable. “The reality has seen the corporate attack surface explode, with many organisations still struggling to understand and address the risks introduced. Managing the plethora of technologies is now necessary to ensure enterprises aren’t left vulnerable and susceptible to cyberattacks.”
Further results from the study, including how organisations can manage risk in the new world of work, are available.
*“Business-impacting” relates to a cyberattack or compromise that results in one or more of the following outcomes: a loss of customer, employee, or other confidential data; interruption of day-to-day operations; ransomware payout; financial loss or theft; and/or theft of intellectual property.