Foco de atención en Alemania: Hybrid Work Brings New Cyber Risks
As German organizations plan their long-term hybrid and remote work models, embracing this new world of work opens the door to new and unmanaged cyber risk. And attackers are taking advantage. To address this, we need to change the way we're thinking about risk.
While the pandemic-driven work-from-home obligation in Germany has been revoked, many organizations still plan to continue long-term hybrid and remote work models. At the beginning of 2020, just 22% of German organizations had employees working remotely. Today, that has risen to 82%, with 65% planning to make this adoption permanent in the next 1-2 years. But, by their own admission, only 58% of German organizations feel they are prepared to support new workforce strategies from a security standpoint.
The self-reported data is drawn from a commissioned study of more than 1,300 security leaders, business executives and remote employees worldwide, including 156 respondents in Germany. The study, Beyond Boundaries: The Future of Cybersecurity in the New World of Work, was conducted by Forrester Consulting on behalf of Tenable in April 2021.
Cloud adoption enables hybrid working model
Historically, German organizations have been reluctant, and some even resistant, to embrace cloud adoption. The pandemic has completely changed that. To facilitate a remote workforce, cloud adoption has accelerated, shattering the boundaries of the corporate network and introducing exponential risk.
Seventy-three percent of German organizations said they have moved business-critical functions to the cloud, including accounting and finance (51%) and human resources (48%). When asked if this exposed the organization to increased cyber risk, 76% of security and business leaders believed it did.
Business-critical systems weren't the only ones shifted to the cloud. More than a third (35%) of German organizations also moved non-critical functions to the cloud in response to the pandemic, despite 57% of security leaders believing this increased their exposure to risk.
Attackers are taking advantage
With little attention given to security during this massive shift, attackers have taken advantage. Ninety-three percent of German organizations experienced a business-impacting cyberattack* in the last 12 months, with 57% falling victim to five or more.
Cuando se observa el enfoque de estos ataques:
- 78% resulted from vulnerabilities in systems and/or applications put in place in response to the pandemic
- 66% targeted remote workers or those working from home
- 61% involved cloud assets
- 61% involved an unmanaged personal device used in a remote work environment
The impact to organizations is far from trivial as 44% suffered a ransomware attack and 35% experienced a data breach.
We need to change the way we're thinking about risk
As organizations adjust to the new world of work — one that combines in-office and work-from-home models — CISOs and infosec leaders must reevaluate their approach to maintaining security in highly dynamic and disparate environments. This includes realigning themselves to the business in order to effectively reduce risk.
Security teams need visibility of their entire threat landscape, with the intelligence to predict which cyberthreats will have the greatest business impact on the organization. In tandem, controls are needed to address the risks introduced by the new world of work.
Improving the way Active Directory is configured and managed is crucial to disrupting attack paths. Organizations need to implement adaptive user risk profiles in order to continuously monitor and verify every attempt to access corporate data based on set criteria — who is requesting access, where are they connecting from and the hygiene of the device being used. If the criteria aren't met, the request is declined.
If cybersecurity strategies fail to keep pace with business changes, today's risk could become tomorrow's reality.
*Un ataque cibernético con impacto en el negocio es aquel provoca uno o más de los siguientes desenlaces: pérdida de datos de clientes, de empleados o confidenciales; interrupción de las operaciones cotidianas; pagos de ransomware; pérdidas financieras o hurto; y/o robo de propiedad intelectual.
Artículos relacionados
Cybersecurity Snapshot: CISA Shines Light on Cloud Security and on Hybrid IAM Systems’ Integration
March 15, 2024Check out CISA’s latest best practices for protecting cloud environments, and for securely integrating on-prem and cloud IAM systems. Plus, catch up on the ongoing Midnight Blizzard attack against Microsoft. And don’t miss the latest CIS Benchmarks. And much more!
Poor Identity Hygiene at Root of Nation-State Attack Against Microsoft
February 1, 2024The latest breach suffered by Microsoft shows once again that detection and response are not enough. Because the source of an attack almost always boils down to a single overlooked user and permission, it’s critical for organizations to have strong preventive security.
Cybersecurity Snapshot: What’s in Store for 2024 in Cyberland? Check Out Tenable Experts’ Predictions for OT Security, AI, Cloud Security, IAM and more
December 29, 2023The new year is upon us, and so we ponder the question: What cybersecurity trends will shape 2024? To find out, we asked Tenable experts to read the tea leaves. Their 2024 forecasts include: A bigger security role for cloud architects; a focus by ransomware gangs on OT systems in critical industries; an intensification of IAM attacks; and much more!
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
Tenable and Thales Collaborate to Provide Cyber Defense Simulations to Better Secure Operational Technology Environments
April 18, 2024The heart of the Welsh Valleys is home to the Thales Ebbw Vale campus, a world-class facility jointly funded by the Welsh government as part of its regeneration program for the region. At the core of the facility is the Cyber Range, a simulation and virtualization platform for training, testing, exercising and R&D. Tenable has joined the lineup of solutions used to run real world simulations in this controlled environment.
- Active Directory
- Cloud
- Executive Management
- EMEA
- BYOD
- Risk-based Vulnerability Management
- Threat Intelligence
- Threat Management
- Vulnerability Management
- Vulnerability Scanning