Remote Workforce Security Survey shows access control policies providing hackers with more routes into organizations
by Bassam Al-Khalidi
Securing an organization’s workforce was an ongoing challenge before 2020, but the remote working explosion facilitated by the Covid-19 pandemic put the issue front and center. To explore how organizations are dealing with this challenge, Axiad partnered with Cybersecurity Insiders to compile the 2021 Remote Workforce Security Report, which interviewed IT and cybersecurity professionals across industries.
This report reveals the issues IT and security professionals face in securing the “new, perimeter-less workforce.” Where once organizations existed in a controlled, protected environment from a security standpoint, we are now dealing with a distributed workforce operating outside of a secure office environment. Managing multi-factor authentication, increased security threats, and expanded remote access is proving a seismic challenge.
Key findings from the report include:
To bolster their capacity to provide employees with secure access to corporate resources, organizations purchased more user licenses for existing applications (47%), purchased more hardware (29%), added vendors (26%), and purchased more cloud applications (19%). Seventy-nine percent of security professionals also enforce the same level of security controls and data management for all roles when accessing corporate resources remotely. This increase in access means that more users can access confidential data and resources, giving hackers a higher chance of reaching this information by infiltrating one remote worker’s system.
More than half (52%) of tech leaders said their remote employees had found workarounds to their company’s security policies. Employees were most resistant to complying with multi-factor authentication, mobile device management, and password managers, making it difficult for organizations to ensure all their employees are fully and securely authenticated to all their applications and devices. These gaps in authentication leave the business vulnerable to cyberattacks.
Phishing threats (71%) and malware (61%) have emerged as the most significant new threat vectors concerning remote work environments. Unpatched vulnerabilities also proved to be an issue for over half (56%) of respondents, with fewer concerned about identity theft (37%), malicious websites (42%), and unauthorized users and privileged access (49%). Concern about phishing threats has been top of mind for many IT leaders: they can invest in new technology to limit the threats, but ultimately they need to educate their employees to identify phishing to prevent it.
We believe this dramatic increase in phishing threats, combined with 52% of remote workers undermining their company’s security practices, creates a perfect storm for tech leaders. It’s concerning that so many employees take shortcuts to get their job done, rather than embrace their personal responsibility to follow the policies of their company. As companies increase access for their workers, the concerns surrounding these workarounds only grow. IT teams must resolve this natural tension between ease of use and security and find a way for remote employees to authenticate quickly, securely, and without friction.
Conclusion: Technology is only half of the battle
As businesses settle into the new normal of remote and hybrid work, many of the long-term impacts on cybersecurity are only just coming to light. We expected a rise in threats and cloud application usage but were surprised at some of the “human issues” that are impacting tech leaders and introducing more security risk into their organization.
To address this problem, IT and security teams should create security practices that are simple and user-friendly for remote workers. Empowering remote employees to take personal responsibility for their own authentication and security posture, without waiting for the involvement of the helpdesk and IT team, will go a long way towards that goal.
To view the full results of the survey, see here.
About the Author
Bassam has over 15 years of experience in designing and deploying identity and access management solutions across large government, enterprise, and healthcare organizations. He is a leading expert in CAC/PIV smart card and PKI deployment, and has been involved in multiple enterprise-class ID badge deployments over the last several years. He has held a variety of management and senior technical roles for established industry leaders, including ActivIdentity.