Around half (48%) of UK businesses have admitted that their cybersecurity policies aren’t fit-for-purpose in the “new normal” of mass remote working, according to Centrify research.
The access management vendor polled 200 senior decision makers in medium and large businesses to better understand their evolving security challenges during the current pandemic.
While many are aware that current policies will need to be updated, they do seem to be taking steps to try and bolster security. Three-quarters (75%) of those polled said they have issued formal guidance or training to staff on secure home working, and half are planning to hire new IT or security staff to enhance security processes.
However, this won’t be easy given current skills shortages, which are estimated at over four million positions globally, including over 290,000 in Europe. Many may have to seek outside help via managed service providers and contracting staff.
On that point, nearly three-fifths (59%) of respondents said they now treat outsourcers and other third parties as an equal cyber-risk as remote working employees, which should help to reduce the threat from the supply chain.
Half of all cyber-attacks revealed by Carbon Black in a report last year involved some form of “island hopping” from a supply chain partner.
According to Centrify, most (65%) decision makers in medium and large firms expect an increase in phishing attacks and attempts to steal sensitive data going forward. This is to be expected, as cyber-criminals look to ramp up attacks against potentially distracted employees and unpatched remote access infrastructure.
Although Microsoft has claimed that the volume of COVID-specific threats remain very small, less than 2% of all threats, it has also warned of sophisticated ransomware attacks on hospitals and other organizations during the crisis.
“Unfortunately, remote workers including third-party contractors have been deemed a desirable target by cyber-criminals, who are assuming that these employees have not been properly trained in, or protected by, the correct security measures in their transition to remote working during the COVID-19 pandemic,” said Centrify VP Andy Heather.
“However, it’s promising to see that so many businesses have adjusted security policies in response to this threat and are still considering bolstering security and IT staff.”