In our report, Investing in Cyber Resilience: Spend, Strategy and the Search for Value, we asked 600 IT and senior decision makers about their experiences of shifting and responding to hybrid working.
The hybrid working environment poses many challenges for remote workers, not least to remain vigilant for phishing emails throughout longer working days – as the lines between professional and personal have blurred – making them obvious targets of compromise.
The rise of cyber risks due to hybrid working
Cybercriminals have certainly capitalised on these issues, resulting in heightened cyber security risks across the board. Throughout the pandemic, they have ramped up phishing and other social engineering campaigns designed to take advantage of new and unfamiliar communication channels. Between January 2020 and January 2021, Google reported a 27% increase in phishing sites. Threat actors have also been quick to exploit vulnerabilities in remote-working platforms and protocols. According to ESET, Remote Desktop Protocol (RDP) attacks increased by 768% in 2020 alone – amounting to a total of 29 billion attempted attacks.
As cybercriminals have proved themselves highly adaptive, the risks of not adapting an enterprise-wide cyber incident response plan to new ways of working are numerous. Beyond contending with a heightened risk landscape, cyber incident response teams have been restricted to convening and acting virtually, introducing the need for out-of-band communication channels, specialist technology, and expertise to enable incident response to be carried out remotely.
"95% pivoted their cyber incident response plans to reflect hybrid working"
The fact that 95% of respondents to our survey (carried out for the report Investing in Cyber Resilience: Spend, Strategy and the Search for Value) pivoted their cyber incident response plans, either in part or completely to reflect hybrid working models, shows a broad appreciation of the changed threat landscape. Those that did not adapt can perhaps look to their board engagement to see why. Those organisations citing their boards as largely reactive have lagged behind their peers – with 74% stating that they have not made any changes to their response plans to date.
Engagement at the very top
A thread running through many of the key findings of the report, Investing in Cyber Resilience: Spend, Strategy and the Search for Value, is the importance of a proactive board. Companies that feel they are only investing in 'some of the right areas' or 'none at all', when it comes to cyber security, also report lower levels of board engagement with the subject. This pattern continues across all areas with reactive boards correlating with lower levels of organisational cyber strategy implementation and roll out, and poorer investment outcomes across all areas of cyber investment. Spending time on cyber with time-pressed board members is tough. But the argument to take steps to increase board engagement is compelling. There are organisation-wide benefits and savings to be made.
DOWNLOAD THE FULL REPORT