Rising cyberattack fears in hybrid working world

19 Jan 2022

A new survey of almost 1,000 UK firms from all sectors and sizes has revealed that more than half believe their IT systems have been left more exposed to attack following the huge increase in people working from home during the pandemic.

The research by the British Chambers of Commerce (BCC) and IT company Cisco also found that one in ten firms said they had been the victim of a cyberattack in the last year, rising to more than one in seven for larger firms. Despite this, four out of five firms said they did not currently have accredited cybersecurity measures in place to protect against attacks.

Reacting to the findings, Shevaun Haviland, Director General of the BCC, said:

“The huge shift to home working, and the use of cloud computing, for tens of thousands of employees happened almost overnight, so it is not surprising that many firms were caught out by the implications this had for their cyber-security arrangements. All of the BCC’s research indicates that a shift to a more hybrid way of working, with many staff now splitting their time between the office and home, is here to stay, so it is more vital than ever that firms have the right cybersecurity protections in place. With one in ten firms confirming they have come under attack in the last year, the need to take action now could not be more important.”

Aine Rogers, Head of Small Business, Cisco UK & Ireland, said:

“The lines between professional and personal are more blurred than ever. Organisations are no longer just protecting an ‘office’ but a workforce at the kitchen table. As businesses and individuals, we’re more exposed than ever to security threats. Whether it’s fraudulent SMS campaigns, posing to be a delivery company, targeted social engineering to access the passwords for your customer database, or hacking your home network, criminals in the cyber world are cunning. That’s why we need to evolve thinking to focus on securing your employees and what they are doing, not where they are.”

In October 2021, standards body BSI advised:

“Even if employees spend only half of their working hours in their home offices moving forward, it presents a situation ripe with serious cybersecurity issues. Organisations adopting such hybrid models should be continuously monitoring and analysing systems for vulnerabilities to ensure that none of a network’s components fall behind on patching and update management. Moreover, if employees are bringing their own devices into the office after using them when working at home, organisations will need to consider the reduced state of security that characterises most home networks and devices. Systems will need to be devised for device testing and sanitisation procedures should be established before allowing unvetted devices to access a corporate network. As well as testing their devices, organisations should be testing their employees too – phishing attacks remain an easy route into corporate networks, which makes employee awareness training pivotal in helping employees to spot these attacks and other types of malicious cyber activities that could potentially lead to ransomware attacks, data breaches and system failures within their organisation.

“The move to hybrid ways of working is not the only reason organisations now need to adopt more robust cybersecurity strategies. The frequency, severity and sophistication of cyberattacks have all increased substantially since the beginning of the pandemic. Given today’s cyber threat landscape and the emergence of new technologies, it is imperative that organisations have the correct protocols, policies and procedures in place to keep their information safe, data secure, infrastructure robust and ultimately, make them resilient.”

The issue of cybersecurity is not a new one. Back in 2013, a survey by Ernst & Young showed that cyberattacks pose the biggest threat for UK businesses, with 96% of firms fearing that their security functions are not strong enough. Of the 1,900 senior executives surveyed globally, 66% felt there had been a 5% increase that year in security incidents, while only 4% of UK organisations said they were fully equipped to deal with cyber threats and 69% said they face budget constraints, which was cited as one of the biggest concerns.

In addition, 66% of respondents said they were concerned about the lack of skilled resources at their disposal, while 28% suggested that a lack of executive awareness or support was an issue.

Information Security Director at Ernst & Young, Mark Brown, said:

“This year’s results show that while businesses are faced with a rising number of security breaches, budget constraints and talent shortages mean that they fail to put in place those systems that match their needs. As a result, for UK businesses, this is no longer an issue of whether they will be attacked - the reality is that organisations need to now focus their efforts on determining when the attack took place and identifying that they fell victim to the cyber threat in the first place. Organisations must undertake more proactive thinking, with tone-from-the-top support. Greater emphasis on improving employee awareness, increasing budgets and devoting more resources to innovating security solutions is needed.”