sb-as logo
Story image

Months on, many organisations still don't have secure remote access - report

41% of organisations have not taken any meaningful steps to expand secure remote access for staff who work from home, according to new research released by Bitglass today.

The data indicates many organisations are struggling with the new normal, with a further 65% of organisations allowing enterprise managed applications to be accessed on personal phones, and half of organisations cite needing ‘proper equipment’ as being a barrier to implementing effective remote access.

The report analyses the extent to which businesses were prepared for the sudden shift into remote working due to COVID-19 restrictions, and analyses how organisations have adjusted to support remote workers amidst the COVID-19 pandemic. 

Asked what their organisations are primarily concerned with securing while employees work remotely, 65% of respondents said securing network access. This was followed by securing access to SaaS apps like Slack (55%) and bring your own device/personal devices (55%).

“This research indicates that many organisations are not implementing the security measures necessary to protect their data in the current business environment,” says Bitglass chief technology officer Anurag Kahol.

“For example, while respondents said the pandemic has accelerated the migration of user workflows and applications to the cloud, most are not employing cloud security solutions like single sign-on (SSO), data loss prevention, zero-trust network access, or cloud access security brokers.

When asked what the most concerning threat vectors for remote work were, 72% chose malware, and 59% cited unauthorised user access.

The report found that anti-malware is the most commonly-used tool to secure remote work, with 77% of respondents citing using it.

But researchers from Bitglass argue that even this statistic is too low, along with the less commonly used tools like single sign-on (45%), data loss prevention (18%), and user and entity behaviour analytics (11%).

The study also found that compliance may be an unintended victim of the remote working trend, with 63% of respondents saying remote work was likely to impact their compliance with regulatory mandates.

With the threat to security growing in tandem with the growth of remote working, organisations wishing to keep up with the remote working trend even after COVID-19 must invest in remote effective security solutions, says Kahol.

“84% of organisations reported that they are likely to continue to support remote work capabilities even after stay-at-home orders are lifted. 

“To do this safely, they must prioritise securing data in any app, any device, anywhere in the world.”

Story image
Banks failing customers when it comes to mobile app security
"Through these vulnerabilities, hackers can obtain usernames, account balances, transfer confirmations, card limits, and the phone number associated with a victim's card.”More
Story image
NCC Group chosen to help improve IoT security standards for all sectors
“At NCC Group, security is in our DNA and that's why we're excited to work with the ioXt Alliance in raising security standards within the IoT ecosystem."More
Download image
SaaS shouldn't left exposed to the public internet - how hybrid IT can help
By leveraging hybrid IT, enterprises can turn to a new architecture that leverages specialties such as colocation from multi-tenant data centres, and interconnection.More
Story image
Top 10 riskiest IoT devices for enterprises, according to Forescout
IoT devices can become attack vectors for hackers to gain access to enterprise networks, and recent Forescout research shows businesses need to be aware of this and put adequate security measures in place.More
Story image
Businesses move to cloud-based security solutions in a bid to support remote working
Cloud-based security tools are becoming increasingly popular following the rise in remote working during COVID-19, including a marked increase in businesses using such tools to protect of corporate financial information.More
Story image
Cyber attacks use LinkedIn to target companies and employees
The attacks, which ESET researchers have called Operation In(ter)ception, took place from September to December 2019 and are notable for using LinkedIn-based spearphishing. More