March 2020, for most organizations around the globe, marked one of the largest workforce migrations in modern history as the novel coronavirus spread across the world at an unhindered pace.
Faced with the looming, mandated quarantine orders put in place nationwide, countless organizations transitioned to an entirety remote workforce in a matter of weeks. As one could assume, this abrupt transition brought with it some major obstacles for businesses to tackle with very little time to do it.
A recent study, by Malwarebytes, sought to investigate the new business models adopted during the pandemic in order to “dig deeper” into today’s new, work-from-home (WFH) normal. The basic goal of the survey was to measure not only the reaction to the pandemic but also the business’s plans for cybersecurity strategy going forward.
The study surveyed over two hundred directors, managers and C-suite executives in the Information Technology space across the United States. The respondents spanned a large variety of businesses, with companies ranging in size from 100 employees, to over 5000. The survey aimed to track respondents concerns surrounding the WFH transition, impacts of the pandemic and long-term adjustments to security moving forward.
Prepared to Work-from-home?
According to the survey, despite a relatively low number of participants giving themselves a perfect score with respect to WFH readiness, still, a relatively high number expressed very high levels of confidence in how prepared their organization was to move to a remote work model. As many as 73% of the surveyed respondents said their organizations earned 7 or more (On a confidence scale of 1-10) for level of perceived preparedness.
Interestingly, among the IT leaders, directors of organizations of more the 5,000 employees demonstrated the greatest confidence levels when rating their organizations cybersecurity posture, giving an average ranking of 8.2 out of 10.
What WFH Challenges Presented the Greatest Concern?
Fortunately, for most, the shift from office to working from home did not create concerns that were not already there, before the coronavirus. Unfortunately, the rapid shift compounded these concerns and demanded rapid undertaking, often quicker than an organization could deliver.
More than 50% of respondents surveyed reported facing at least 3 of the challenges listed in Malwarebytes questionnaire. Topping the list, the challenge most cited by IT leaders was trained employees on how to be security compliant which working from home (55.4%), followed by setting up work or personal devices with the appropriate software (53.5%). And the third challenge, 51% of IT leaders felt a significant strain shifting to a new, remote model of communication presented a significant challenge to an organization’s business flow.
The Aftermath: The Bad
By and large, the fears and concerns many of the respondents held were largely founded in reality. As the workforce shifted a remote model, many of the expressed concerns later materialized in the transition. The survey found that 23.8% of IT leaders ran into unexpected expenses as a direct result of addressing a cybersecurity breach of malware attack. Further, nearly 20% of leaders faced a security breach as a direct result of a remote worker.
While these numbers may not seem terrible, it is important to remember, as we have seen in previous Packetlabs blogs, that all it takes for any organization to suffer a breach, resulting from a remote workforce, is the compromise of one employee. With this in mind, and considering that the survey recognized that 33% of organizations moved 81-100% of their workers to WFH, and nearly 98% of organizations moved at least 21% of their workforce, this number becomes quite intimidating.
In a twisted turn of events, some organizations found the immediate, crashing enforcement of a pandemic lockdown, while stressful, proved that they were more prepared that they may have initially believed. In fact, 61% of respondents indicated they were able to supply staff with devices to work from home remotely, and 56.4% were able to provide adequate training to ensure cybersecurity best practises were being met from the home office. While these are not the best results, they do indicate that a significant proportion of surveyed companies were taking steps in the right direction, even with little to no warning. As a penetration testing company, naturally, we would like to see these numbers greatly improved, but this is not terrible, all things considered.
How Packetlabs Can Help
From the results of this survey, the value of penetration testing is clear. At Packetlabs, our penetration testing services begin with the latest tools and technologies and leverage them to bypass the security of corporate networks protected by even the most sophisticated security controls.
Packetlabs consultants are trained from the ground up to think outside of the box to find vulnerabilities others may overlook. Our testers commit to a career of continuous learning to find new ways to evade controls in modern, and home networks. We take the time to understand each of the in-scope components and their role within tested systems to custom tailor our approach to whatever environment we’re hired to assess.
Another important take away from this report is the importance of regular security maturity assessment, which happens to be a Packetlabs service offering. Packetlabs’ can perform a custom security maturity assessment for your organization to identify implemented controls and measure their effectiveness within your current business model. If you would like to learn how Packetlabs would approach and prioritize cybersecurity at your organization, please contact us for more information.
10 January - Blog
Your Guide to Objective-Based Penetration Testing
14 December - Blog
2022 in Review and Our Predictions for 2023: Cyber-Threat Landscape
05 December - Blog
Choosing a Penetration Testing Company: Methodology & Certifications