RESEARCH TRIANGLE PARK – Millions of workers across North Carolina and the US working at home due to the COVID-19 pandemic need to be worried more about data security because cybercrimes are surging, a new report says. And in another new analysis, IBM warns that teleworkers are especially vulnerable to attack.
“There is a level of apathy and a lack of awareness when it comes to securing the home office environment. In my conversations with [chief information officers]s, they’re saying that when they’re testing their own employees at home now, they’re seeing double the failure rates on their security tests than they saw pre-COVID,” warns Mathew Newfield, Chief Information Security Officer at Unisys.
And a North Carolina-based cybersecurity firm warns companies to take action in order to ward off cyber threats.
“This unprecedented remote working explosion amounts to a dramatic game changer for corporate security officers and cyber attackers,” says Patrick Barry, Chief Information Officer at Rebyc Security.”
“Corporate cyber security strategies, policies, penetration testing procedures, and technologies need to be reconsidered and reevaluated and, in many cases, revamped.”
A new annual report from the tech and security firm finds that cyberattacks have surged 400% as the pandemic has driven workers from office networks to distributed connections.
IBM reported similar findings in its own recent security report.
IBM finds that::
- Confident, Yet Unprepared: 93% of those newly working from home are confident in their company’s ability to keep personally identifiable information (PII) secure while working remotely, yet 52% are using their personal laptops for work – often with no new tools to secure it, and 45% haven’t received any new training.
- Lacking PII Guidelines: More than half have not been provided with new guidelines on how to handle highly regulated PII while working from home. This is despite more than 42% of people who manage PII as part of their regular jobs now doing so at home.
- Policy Awareness: More than 50% of respondents don’t know of any new company policies related to customer data handling, password management and more.
- Personal (Unprotected) Devices in Use: More than 50% of new work from home employees are using their own personal computers for business use, however 61% also say their employer hasn’t provided tools to properly secure those devices.
- Passwords Lacking Protection: 66% have not been provided with new password management guidelines, which could be why 35% are still reusing passwords for business accounts.
Unisys concludes that teleworkers have a “false sense of security” with only 31% expressing concern about cyber attacks. Overall, security worries have fallen 19% so far this year even as the pandemic has spread and workers are staying home due to social distancing requirements imposed by state and local governments.
Honeywell notes that both the FBI and Federal Trade Commission have reported tremendous increases in cybercrime. Yet the Pennsylvania-based firm says “most Americans are not concerned about the risk of being scammed.”
Top worries, the survey says, are:
- Economic stability at 60%
- Healthcare infrastructure at 55%
“Internet Security is now the lowest concern among consumers, after having been steadily on the rise since 2017 and finishing as the area
of second-most concern in both 2018 and 2019,” the report notes. “Meanwhile, both National Security and Personal Security have moved up the agenda, driven by a rise in concerns about Personal Safety, which has increased by 9 percentage points to 58% seriously concerned, and concern about Epidemics/Disasters, which not surprisingly has increased by 8 percentage points to 62% seriously concerned.”
‘False sense of consumer security’
So what does Honeywell conclude?
“It’s not surprising to see people’s level of concern for their personal safety jump in light of the global health crisis. However, the fact that it is not only matched by, but exceeded by, a drop in concerns around hacking, scamming or online fraud reflects a false sense of consumer security,” Newfield said.
“Hackers target healthcare and essential services organizations looking to steal intellectual property and intelligence, such as details on national health policies and COVID-19 research. And hackers are relying on tricks like ‘password spraying,’ which involves an attacker repeatedly using common passwords on many accounts to gain access, putting our most critical infrastructures at risk potentially from the click of a single working-from-home employee.
“This underscores the need for businesses to ensure they are placing a clear and concerted emphasis on proper training for their employees working from home and adopting a Zero Trust security architecture that leverages best practices like encryption and microsegmentation.”
Most concerned about cybersecurity are women and people with lower incomes, the survey of some 15,000 people spread across nine countries found.
“The survey shines a spotlight on the significant ways that COVID-19 has impacted everyone, especially women, young adults and those with lower incomes,” said Unisys Chief Marketing Officer Ann Sung Ruckstuhl. “According to the U.S. Census Bureau, nearly half of adults 18 and over have either lost employment income or another adult in their household has lost employment income since the beginning of the pandemic. For many women, particularly those with children at home, the pandemic has only magnified the challenges they have long been facing as they juggle career and family.”