Unprecedented, disruptive, world changing and many more terms have been used to describe the current state of the world and we’d like to chuck another two on top of that pile: woefully unprepared.
From responses by government to how businesses pieced together a response to orders from the prior to work from home, it became clear that we were not prepared to deal with a pandemic of this size.
But more than that, with cybercrime spiking throughout our local lockdown, its has become clear that many businesses were not taking the threat of cybercrime all that seriously or had simply become inattentive.
This became a massive problem as more people started working from home, increasing the risk landscape for firms. Now, thanks to data from Fortinet’s 2020 Remote Workforce Cybersecurity Report, we have a very worrying look at how remote work was not something many employers had considered pre-COVID-19.
[su_box title=”Methodology for the Fortinet 2020 Remote Workforce Cybersecurity Report” box_color=”#f37021″]This report was compiled using a survey conducted in June 2020 with participants from 17 different countries. Participants were from both the private and public sectors. The most common titles for participants included: IT director, CIO, head of IT, network architect, and director/VP/manager of network operations, IT infrastructure, or network engineering and operations.[/su_box]
The rapid shift to remote work or working from home saw nearly two thirds of businesses surveyed needing to transition to a remote workflow overnight. According to the survey 83 percent of organisations found this transition challenging with the main problem cited was secure connectivity.
Perhaps the most worrying figure we spotted is that 60 percent of organisations revealed an increase in breach attempts while 34 percent revealed fully fledged breaches.
“Given the security challenges above, and the fact that nearly 30 percent of organisations are expecting more than half of their employees to continue working remotely full-time after the pandemic, security leaders must carefully consider what technology and strategies are required to secure telework well into the future. To ensure the protection of corporate data and assets, organizations must adapt their cybersecurity policies to account for the extension of the network perimeter to the home,” explains Fortinet’s executive vice president of Products and CMO, John Maddison.
The good news from this rather jarring revelation is that organisations are looking to improve security, well, at least the majority of respondents in this survey.
As many as 60 percent of respondents said they’d be spending $250 000 (~R4 million) or more to secure remote working solutions over the next two years.
Simply solutions save headaches
There are many shocking revelations in Fortinet’s report but perhaps the most shocking is how few organisations make use of multi-factor authentication (MFA).
This incredibly simply security technique is still ostensibly ignored by many organisations.
The survey reveals that 30 percent of respondents are only now starting to invest in multi-factor authentication, worse still, 27 percent of respondents have no plans to invest in multi-factor authentication.
That means that over 50 percent of respondents in this survey have no multi-factor authentication at all. We’re flabbergasted, shocked and frankly appalled at the fact that such a simple security solution is ignored by so many firms.
Investment into IT teams that can handle incidents is also on the rise according to Fortinet’s data.
“At the start of the pandemic, only 55 percent of organizations had enough skilled IT workers in place to support the shift to remote work. And while 73 percent of organizations stated their intention to invest further in skilled IT workers in the next 24 months, the historical lack of skilled IT security professionals could present a challenge,” says Maddison.
Once again this raises the point that organisations weren’t investing in these areas before. Sure, better late than never but one has to wonder whether if COVID-19 had never happened if these investments would ever have been made.
But through the entirety of this report nothing sent cold shivers down our backs as much as the following information.
“Only 40 percent of organizations had a business continuity plan in place prior to the pandemic. Yet, as a result of the pandemic and the rapid shift to remote work, 32 percent invested further in this area,” reports Fortinet.
That is not good enough but we’re not surprised. Recently Garmin suffered a ransomware attack that took its services offline for the better part of a week.
Getting things back up to working order was very slow going and while we don’t know what Garmin’s business continuity plan looked like, we suspect its being improved as we speak as one day being offline is bad but a week is just a horrific response from a firm that size.
There are of course some worthwhile investments begin made according to this survey’s results.
As many as 76 percent of respondents are upgrading network access control while a further 72 percent are looking to upgrading endpoint detection and response solutions.
Software defined wide-area networks are also being considered by 64 percent of organisation. This is being done with the view to support remote workers.
The full Fortinet report can be read here and it is just as frightful as we’ve made it out to be.
Businesses must start securing their boundaries or we are going to be seeing more and more profile hacks.
Your business is not immune to hackers so stop acting like it is and turn on MFA for crying out loud.
[Image – CC 0 Pixabay]