With the rapid shift to remote work, the need to keep endpoints protected has become even more challenging for both users and IT departments. According to a report by the Information Systems Security Association, more than a third of IT cybersecurity professionals say that they feel the hybrid-work arrangement leaves their organisation more compromised and exposed to security threats.
This growing concern could be attributed to the fact that users and devices are now dispersed more than ever — and they’re likely to stay that way for a while. Some organisations found roadblocks in making the necessary adjustments to reduce endpoint security risk in the face of these new or unknown threats. In fact, Ponemon Institute surveyed 671 IT security professionals and found that 68% saw a noticeable increase in the frequency of attacks, with one or more successful endpoint attacks occurring in the past two years alone.
In this article, we’ll explore some of the leading reasons for why IT security must be more vigilant.
It’s been a little over a year since a majority of companies sent employees home; and now every industry is slowly starting to return, but with a hybrid twist. It’s become clear that there’s going to be a split in how businesses operate moving forward: Some may remain remote long term, some will have everyone back in the office once again and others will go for a middle ground approach.
HP’s Proprietary Research report for 2020 found that at least 50% of employees are currently working from home and 98% of these workers would like to continue part-time remote work for the rest of their careers. Unfortunately, as a result of this shift, some IT pros have tracked as many as double the number of cybersecurity incidents at their organisations. Taking this into consideration, it’s no surprise that this is the reason 57% of cybersecurity professionals anticipate spending more on endpoint security in the near future.
Technology plays a big role in the success of a company’s cybersecurity strategy, but equally important is the awareness among employees. More than 99% of email messages distributing malware require human intervention — such as clicking on links, opening attached documents and accepting pop-up warnings. Unfortunately, once a cyberpathogen gets into a business’s IT, it can easily and quickly spread from one system to another. That’s why educating workers about these threats and how to avoid them is critical.
Every month, there are a reported 102 million new malware threats — which breaks down to 360,000 attacks per day, or 4.2 attacks each second. After analysing the patterns behind these everyday attacks, Ponemon Institute determined that 80% were zero-day threats with 60% of them being missed by antivirus programs. Traditional antivirus software may not be adequate at detecting and preventing these more advanced threats. That’s why a total of 85% of organisations say they prefer modern IT security products with features such as Artificial Intelligence (AI), machine learning, containerisation, microvirtualisation and behaviour monitoring.
Without proper oversight of device security, it takes a while to know that you even have a problem. In general, organisations take an average of 315 days to identity and contain a breach caused by a malicious attack with only 97 of those days being spent actually patching the weak spot. Having more people working from home could increase the time it takes for an organisation’s IT cybersecurity team to identify and contain a data breach by days or even months.
Even though there’s a growing request for cybersecurity experts, there isn’t always enough people or resources to fulfill the need. In fact, about 85% of organisations have experienced a shortfall of skilled IT security personnel; a staggering 3.5 million cybersecurity jobs are expected to remain unfulfilled by the end of 2021. For those who have continued to work throughout the pandemic, they’ve reported an increase in workload (32%) and have found that their day-to-day activities were changed to non-security related IT duties to fill company gaps (47%). Stretched thin, IT teams are splitting their time between a myriad of tasks, taking them away from their main objective.
With more than half of the organisations today reporting a lack of in-house expertise and resources around endpoint protection, there’s never been a better time to revisit your current security strategy.