Most organizations are not sufficiently prepared to securely support remote working even though 84% intend to continue this practice beyond COVID-19 lockdowns, according to Bitglass’ 2020 Remote Workforce Report. The survey of IT professionals found that 41% of businesses have not taken any steps to expand secure access for the remote workforce, while 65% are allowing personal devices to access managed applications.
The study was undertaken to better understand how well businesses were prepared, from a cybersecurity perspective, for the sudden surge in remote working as a result of the pandemic.
Of those surveyed, 50% said lack of proper equipment was the biggest barrier to providing secure access for employees working from home. The types of applications that organizations were most concerned about securing were file sharing (68%), web applications (47%) and video conferencing (45%).
Malware was listed as the most concerning threat vector related to remote working by IT professionals (72%), followed by unauthorized user access (59%). Unsurprisingly, anti-malware was the most utilized security tool for remote work, at 77%. However, there was a lack of deployment of tools like single sign-on (45%), data loss prevention (18%) and user and entity behaviour analytics (11%).
“This research indicates that many organizations are not implementing the security measures necessary to protect their data in the current business environment,” commented Anurag Kahol, CTO of Bitglass. “For example, while respondents said that the pandemic has accelerated the migration of user workflows and applications to the cloud, most are not employing cloud security solutions like single sign-on, data loss prevention, zero trust network access or cloud access security brokers.
“On top of that, 84% of organizations reported that they are likely to continue to support remote work capabilities even after stay at home orders are lifted. To do this safely, they must prioritize securing data in any app, any device, anywhere in the world.”
Source: info security