Fifty-six (56) percent of employees are using their personal computers as their company’s go remote in response to COVID-19 according to the Work-from-Home (WFH) Employee Cybersecurity Threat Index released by Morphisec. In addition, nearly 25% of employees working from home don’t know what security protocols are in place on their device and more than 1-in-4 have frequent or more issues with spotty WiFi limiting antivirus efficacy.
Morphisec’s WFH Employee Cybersecurity Threat Index was based on a survey of more than 800 traditional office workers from across the U.S. These employees self-reported as recently transitioning to working remotely during their company’s response to the COVID-19 pandemic. Although the trend toward remote work was already in progress when COVID-19 struck, it accelerated the transition far faster than anyone anticipated. Due to this, IT and security teams had to scramble in their response to the crisis, and the inaugural threat index spotlights the resulting cybersecurity gaps and vulnerabilities reported by employees.
The American workforce is now reliant on at-home WiFi networks and non-hardened work devices, says the report, and without reliable connectivity, employees may not be getting the protection they need. Antivirus and detection tools need a constant network connection to remain effective at blocking attacks. Non-hardened laptops or other endpoint devices can also pose a significant risk to enterprise network security. Research from earlier this year by Morphisec and Ponemon Institute found the average cost of a successful endpoint attack was $8.9 million in 2019.
Furthermore, attack surfaces have expanded during the crisis through employee reliance on collaboration apps. These tools are increasingly in the crosshairs of malicious parties and have less than adequate patching protocols. In fact, vulnerabilities have forced organizations such as Google, SpaceX, and NASA to actually ban employee use of such applications to reduce their risk of more sophisticated breaches. Morphisec Labs researchers discovered one such flaw in the Zoom application in April that enabled threat actors to record Zoom sessions without the participants’ knowledge.
Source: Security Magazine