HP released its latest HP Wolf Security Out of Sight & Out of Mind, revealing how 73% of Canadian IT departments have seen a rise in the number of employees opening malicious links or attachments in an email over the last year. The Canadian findings are a subset of HP’s global study, which combines data from nearly 10,000 survey responses from remote office workers and IT decision makers.
The research also reveals the risk to businesses with a growing number of employees buying unsanctioned devices in tandem with the increase in cyberattacks, making IT support more complex, time-consuming, and costly than ever.
Research Findings
“Any major transformation [such as remote working] comes with a period of adjustment … with pain points,” began Mary Ann Yule, President & CEO at HP Canada. “Since working more from home, remote employees have been cutting IT out of the loop. According to HP’s latest HP Wolf Security Out of Sight & Out of Mind report this led to an increase in compromised machines, with 66 per cent of Canadian IT teams agreeing that protecting against, detecting and recovering from firmware attacks has become more difficult.”
Yule also commented on the impact of remote workforces using multiple devices.
“While the online workplace has brought new security obstacles to overcome, unsanctioned and unmanaged devices remain the largest threat—placing unprecedented operational pressure on security and IT teams,” stated Yule.
To back up her point, here are some of the HP Wolf Security report findings:
- 35% of Canadians have been clicking more on malicious links since working from home
- Only 32% of remote workers considered security when purchasing new IT equipment, compared to 52% who considered cost
- 53% of users agree that they feel stranded working from home, and if something were to go wrong, they’d be on their own
- 42% of Canadian employees agree with the statement, “Cybersecurity never enters my mind when I’m working: that’s IT’s job”
- 66% of Canadian IT departments agree that protecting against, detecting and recovering from firmware attacks has become more difficult
- 20% of Canadian IT decision-makers estimate the cost of support has increased by 51-60%
Awareness of Risks by Employees is Key
Recognising malicious links in emails and other common cyberthreats is key to mitigating risk.
“People often don’t know if they have clicked on something malicious, so the real numbers are likely much higher,” commented Ian Pratt, Global Head of Security for Personal Systems, HP Inc. “Threat actors don’t always announce themselves, as playing the ‘long game’ to move laterally and infiltrate higher-value infrastructure has proven to be more lucrative. For example, by using cloud backups to exfiltrate sensitive data in bulk, encrypting data on servers, then demanding a multi-million-dollar ransom.”
Pratt added, “It shouldn’t be this easy for an attacker to get a foothold – clicking on an email attachment should not come with that level of risk. By isolating and containing the threat you can mitigate any harmful impact, preventing persistence and lateral movement.”
“It’s a team effort,” remarked Yule. “Employees juggling multiple priorities at once often need regular reminders of what good cybersecurity hygiene looks like.”
“In addition to reminding employees of best practices, business leaders can also take action by investing in security designed for the future of work. Look for integrated portfolio offerings that include secure by design PCs and printers, hardware enforced endpoint security software and endpoint security services,” advised Yule.
Companies Must Architect New Solutions
“We must embrace a new way of managing security threats to enable hybrid working,” began Yule. “This requires an architectural approach to security that helps to mitigate risk, while limiting the impact of failure through segmentation.”
“A user should not be a single point of security failure,” explained Yule. “To secure the future of work, security systems and strategies must be designed for resilience, to ensure that the compromise of one device does not result in the compromise of critical assets. HP offers management tools with greater visibility to help secure the hybrid workplace.”
Added Yule, “With HP Wolf Security, organizations benefit from robust, built-in protection from the silicon to the cloud, and BIOS to browser.”
This need isn’t entirely new, which Yule confirmed.
“In addition to these tools, in 2017, HP organized the Security Advisory Board, aiming at bringing security experts with a unique first-hand expertise in the world of hacking and the latest developments in security technology and strategies. The experts provide insights from the front lines that companies can use to reinforce their own security work.”
Are Canadian IT Resources Ready?
Yule responded to this question with, “The supercharged shift to remote work made it more difficult than ever to deliver IT security support, a trend set to continue in the hybrid workplace.”
“HP Wolf Security defends against cyberattacks without increasing IT’s workload with managed endpoint security and industry-certified expertise. This solution empowers employees to protect themselves against future attacks with device protection state monitoring and automated forensic threat intelligence. Our team of experts act as an extension of IT teams, helping identify risks to proactively improve the security posture of organization.”
As many of us continue to work remotely, clearly keeping aware of possible threats and how we can use at-home tech devices more safely will help sustain work from home possibilities.
More articles on Cybersecurity