The New Normal: The Security Risks of Future Remote Working

by Security Centric, on 05/11/2020 1:11:42 PM

By now we’re all aware that COVID-19 has changed the way we work. Organisations have had to adjust their ICT environments to accommodate the mandated work-from-home requirements, and these adjustments have in turn created new challenges – particularly in the realm of information security.  

What has become clear in the last eight months of the pandemic is that a “new normal” is emerging, and it’s time now to understand what that looks like for information technology environments, remote working expectations, and to focus on how to move forward with this changing face of work.  

In what seems to be the first security focused study on what this might look like, the team at Cisco have surveyed over 3000 IT decision makers in both small, medium, and enterprise organisations to understand what challenges, shifts, and preparations for the new normal look like. While the 101-page report itself focuses on global businesses, the following statistics are from the Asia Pacific subset.  

Future Remote Working Statistics:  

  • 65% of organisations report more than half of their workforce are currently remote workers
  • 34% of those surveyed expect more than half of their workforce to be remote in the new normal

The Importance of Cybersecurity Due to Remote Working: 

  • 85% of respondents said that cybersecurity is extremely important 
  • 41% say that it is more important to their organisation now than what it was before the pandemic.  
  • This trend is consistent across small, medium, and enterprise organisations.  

The Threat Landscape of Remote Working 

  • 69% of businesses said that they experienced an increase of 25% or more in cyber threats or alerts. Worryingly, 7% said they wouldn’t be able to tell either way.  

Industries Most Affected by Remote Working Cyber Threats 

Architecture, chemical engineering, manufacturing and education security threats

Financial Services, Software Development, healthcare cyber threats

Images courtesy of Cisco: The Future of Secure Remote Work

Top Cybersecurity Challenges for Organisations Due to Remote Working:  

  • Secure access, defined as the ability to securely enable access to the enterprise network and applications for any user, from any device, at any time, is the top cybersecurity challenge faced by the largest proportion of organizations (62%) when supporting remote workers. 
  • Endpoint protection, including office laptops and desktops, as well as employees using personal computers for work-related activities, were a concern for more than 57% of respondents.  
  • 51% found protection of customer information a challenge 
  • 52% found the security of cloud applications to be a challenge.  

Preparedness for Secure Remote Working 

  • 61% said that they were not prepared or somewhat prepared for the rapid digital transformation due to the pandemic. This accelerated change likely means that many are playing catch-up in terms of security for their ICT environments.  

Top Cybersecurity Policy Related Changes due to the Pandemic: 

  • Increased VPN Capacity 
  • Increased Web Controls and Acceptable Use Policy 
  • Implementation of Multi Factor Authentication (MFA).  

Top Cybersecurity Protocol Concerns for Remote Working: 

  • 61% of organisations said that lack of education and employee awareness was the top challenge. 
  • 53% said that they had too many tools/solutions to manage and toggle – meaning finding a way to work more securely with existing applications or changes to a simpler, more secure set-up is important.  

Future Budgeting for Cybersecurity 

  • 70% of respondents reported that they are likely to increase their cybersecurity investments due to changes from COVID-19. 

Overall, the lessons learned from the changes due to the pandemic indicate that companies are finding cybersecurity to be more important, and that within that is a focus on ensuring security is an enabler instead of a hindrance to collaboration amongst a remote working environment. Given that the nature of work is likely to be forever changed, organisations who have yet to properly secure their changed environments or who are still implementing remote-working ICT environments should make information security a key component of their transformations. Using the information above gives great guidance for those looking for a place to start in securely enabling remote working.  

Need an information security assessment, help in hardening your environment, or cybersecurity education for your organisation? See our services or contact us today.  

Interested in the full report? Find it here: 

Topics:Risk AssessmentPenetration TestCloud SecuritySecure Remote WorkGovernance


Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|

Subscribe to Updates