IT decision makers to expand WFH initiatives as two-thirds prepare for increased malware, phishing, and unauthorized user and device access exposures
Despite security issues and concerns resulting from the massive and sudden increase in Work-From-Home (WFH) initiatives caused by the global COVID-19 healthcare crisis, one-third (38%) of U.S. companies observed productivity gains during remote work and a staggering 84% anticipate broader and more permanent WFH adoption beyond the pandemic, according to Pulse Secure’s 2020 Remote Work-From-Home Cybersecurity report.
The report offers an in-depth perspective on WFH challenges, concerns, strategies and anticipated outcomes. The survey, conducted in May of 2020, polled over 400 IT security decision practitioners across a broad representation of industries and companies between 500 and over 5,000 employees. The survey found that 33% of U.S. companies anticipate some positions moving to permanent remote work and over half (55%) plan to increase their budget for secure remote work in the near-term.
“This new research provides organizations comparative insight into how enterprises are addressing immediate work-from-home requirements and cyberthreat challenges to ensure business continuity and employee well-being,” said Scott Gordon, chief marketing officer at Pulse Secure. “Beyond offering a wake-up call for emergency preparedness, the findings indicate a strong likelihood of organizations permanently extending work-from-home flexibility and advancing secure access capabilities.”
WFH adoption accelerated cloud app growth and business continuity challenges
The research indicates that three-quarters of businesses now have more than 76% of their employees working from home compared to just under 25% at the close of 2019. While a third of respondents cited their business being “ill prepared or not prepared” for remote working, 75% of businesses were able to transition to remote working within 15 days. Surprisingly, less than a third expressed cost or budget problems, demonstrating the urgency to support their business. Additionally, more than half (54%) expressed that COVID-19 has accelerated migration of users’ workflows and applications to the cloud.
Increase in WFH employees fuels security and compliance issues
In terms of security risks, two-thirds (69%) are concerned with WFH security risks with the majority expressing low user awareness training, insecure home/public Wi-Fi networks, use of at-risk personal devices and sensitive data leakage as prime threat contributors. In terms of application exposure, respondents feel anxious over file sharing (68%), web apps (47%), and video conferencing (45%) risks.
While 78% expressed enforcing the same level of security controls and data management for on-premise and remote users, a further 65% allowed access from personal, unmanaged devices. Two-thirds of IT security professionals anticipate malware, phishing, unauthorized user and device access, and unpatched/at risk systems to be the most exploitable WFH attack vectors. In addition, 63% expressed that remote work could impact compliance mandates that apply to their organization; especially GDRP, PCI-DSS, HIPAA and those with data breach notification.
Wider trends toward security tools consolidation
Survey respondents employed various tools to secure remote work / home office scenarios with the top four controls being endpoint security, Firewalls, virtual private networks (SSL-VPN) and multi-factor authentication (MFA). According to separate research by Enterprise Management Associates, 57% of organizations regard the consolidation of access management solutions into a single platform to be a high or extreme priority for their business this year.
“The mass adoption of WFH has highlighted the need for organizations to embrace more holistic secure access strategy that supports both flexible working and the growing shift towards hybrid IT. The most effective IT management solutions are platforms that are both modular and integrated,” noted Steve Brasen, research director with Enterprise Management Associates. “Modular solutions allow organizations to adopt the exact feature set they require to meet business needs. However, solutions must also be fully integrated to yield desired management efficiencies. Solutions, such as Pulse Secure Access Suite, address broad secure access needs while yielding operational and economic benefits.”