A nationwide survey of 2,000 UK employees conducted by Censuswide on behalf of Armis, analyses the new working culture and security of personal devices before the inevitable return to the office.
The results released today, demonstrate a heightened cybersecurity threat as the majority of the UK workforce (61%) intend to return to the office with their personal devices, despite a quarter (25%) admitting to having insufficient policies in place to ensure they are properly secure. This can put an organisation at significant risk of a cybersecurity breach.
Other key findings include:
- 61% of employees use their personal mobile phone and 44% use their own laptop for business purposes
- Almost 60% of UK employees don’t believe their personal devices represent a threat to their organisations
- Individuals in Legal, Manufacturing & Utilities, Healthcare and Retail, Catering & Leisure most likely to say that personal devices don’t represent a threat to their organisations
- Those in Sales, Media & Marketing, Manufacturing & Utilities, or Travel & Transport least likely to have policies in place to secure devices used from home, making them more at risk
After over a year of remote working, people have become accustomed to using various connected devices while working from home, including mobile phones, laptops, fitness watches, Amazon Alexas, and even Wi-Fi connected coffee machines. Over the lockdown period there has been a massive increase in cyber-attacks on companies of all sizes, with almost 177,000 incidents in 2020 alone.
These are often the result of unsecured devices, as they present a vulnerable entry point for attackers to exploit and gain access to a corporate/company network. These vulnerabilities will only be exacerbated by the introduction of Amazon’s new sidewalk feature, which would allow certain devices on company networks to establish direct connections with other devices beyond their control, exponentially increasing the risk of cyberattacks.
“This year especially we have seen a surge in successful cyber-attacks, in which threat actors exploited weak entry points and unsecured devices,” said Andy Norton, European cyber-risk officer at Armis. “The HSE ransomware attack, for instance, was the result of a phishing link, which then infected an entire network.
“The Florida water supply hack was down to a weak, out-of-date software. These types of attacks are highlighting the importance of increasing security measures wherever possible, especially now with the risk of hundreds of new, unsecured devices overwhelming systems and IT departments with new ways to access a network.”
Paul Davis, RVP EMEA at Armis concluded: “Forewarned is forearmed. It’s very clear that people have become comfortable working from home while using a variety of connected devices. The issue of unsecured devices posing a risk to businesses isn’t exactly news; however, this will be exacerbated by the surge in devices that will potentially connect to company networks.
“Individual devices already carry an excess of personal information, providing attackers with an attractive target to attack both companies and individual employees. Security departments will need to prepare a proactive security plan with specific policies to make sure their staff can continue to use these devices in the office. It’s better to have an extra layer of security than suffer the consequences of a breach.”