Cybersecurity and Home Office
Continued concerns about cybersecurity in the home office
Remote work has been established for over a year and a likely switch to hybrid remote/office work models is imminent, yet four-fifths (82 %) of companies are still concerned about the security risks of employees working in the home office.
This is just one of the key findings from the 2021 Thales Global Data Threat Report , a commissioned study by 451 Research, part of S&P Global Market Intelligence. This shows that the management of security risks is undoubtedly becoming more difficult, since almost half (47% – 48% in Germany) of companies have noticed an increase in the volume, intensity and scope of cyber attacks in the last 12 months.
Brief overview of the findings
- Four out of five companies (82%) remain concerned about the safety risks of employees working remotely. And this despite the fact that many are exploring potential hybrid working models.
- Almost half (47% – 48% in Germany) report an increase in the volume, intensity and scope of cyber attacks in the last 12 months.
- Of those respondents who have experienced a security lapse before, this was the case with 41 percent (40% in Germany) last year, almost twice as many (21%) as in 2019.
- Retailers are most at risk: 61 percent experienced a security breach or failed an audit in 2020, causing concern among both suppliers and consumers.
Of those who have experienced a security breach before, two out of five (41% – 40% in Germany) were affected last year. This number has almost doubled from 21 percent in 2019, representing a significant shift in the threat landscape.
Globally, the biggest cyber threats are malware (54% – 51% in Germany), followed by ransomware (48% – 44% in Germany) and phishing (41% – 46% in Germany). However, when it comes to how attacks occur, the message is clear: internal threats and human error continue to be of great concern to the industry. A third of companies said that malicious insiders (35% – 37% in Germany) and human error (31% – 33% in Germany) pose the greatest risks to them, followed by external attackers (22% – 17% in Germany).
Sébastien Cano, Senior Vice President, Cloud Protection and Licensing Activities at Thales
Sebastien Cano, senior vice president of cloud protection and licensing activities at Thales, comments: “Teams around the world faced major security challenges last year as companies accelerated their digital transformation and cloud adoption initiatives. When migrating to Multicloud solutions, data management can quickly get out of control. Not only do companies run the risk of losing track of where their data is stored in multicloud environments, but they also fail to protect sensitive data in the cloud. With unprecedented amounts of data now being used and stored in the cloud, it is imperative that organizations adopt a robust security strategy based on data classification, protection, and control.“
Despite the increased risk that remote work poses to companies in the wake of the pandemic, almost half (46%-49% in Germany) of companies say that their security infrastructure was not prepared for the risks caused by Covid – 19. In fact, only one in five companies (20% – 23% in Germany) believes that they were very well prepared.
Several industries at risk
Nearly two-thirds (61%) of retailers surveyed had a security breach or failed audit related to data and applications stored in the cloud last year – the most of any industry surveyed. More than half of companies in the legal (57%), call center (55%), transportation (54%) and telecommunications (52%) sectors suffered the same fate in the last 12 months.
Multicloud complexity increases risks
As the number of attacks continues to grow, companies are turning to the cloud to store their data in this digitized world. Half (50% – 59% in Germany) of companies report that more than 40 percent of their data is stored in external cloud environments. Nevertheless, only 17 percent (20% in Germany) of companies have encrypted at least half of their sensitive data stored in the cloud. In addition, the complexity is increasing: Many respondents now use at least two PaaS providers (Platform as a Service) (45%-45% in Germany) and/or two IaaS providers (Infrastructure as a Service). A quarter (27% – 30% in Germany) of companies currently use more than 50 Software as a Service (SaaS) applications.
Future challenges and the way to them
Companies recognize the problems they face and try to solve them with zero trust strategies. More than three quarters (76% – 71% in Germany) of the companies surveyed say that their cloud strategy is based to some extent on zero trust security. Nearly half (44%) of respondents chose Zero Trust Network Access (ZTNA)/software-defined perimeter (SDP) as the leading technology to invest in during the pandemic. This was followed by cloud-based access management (42%) and conditional access (41%). A third (30% – 36% in Germany) of the companies surveyed worldwide say they have a formal zero-trust strategy, and interestingly, those with a formal zero-trust strategy are also less likely to say they have been affected by a security incident.
But while companies are taking action to stop current threats, concerns about future challenges are growing on the horizon. Looking ahead, 85 percent (79% in Germany) of respondents worldwide are concerned about the security threats of quantum computing, a threat that is likely to be exacerbated by the increasing complexity of cloud environments.
Eric Hanselman, chief Analyst at 451 Research, part of S & amp; P Global Market Intelligence adds: “While native controls and protections available in cloud environments provide a number of necessary features, they are often insufficient to provide effective protection for sensitive data and workloads, especially when it comes to compliance with regulations such as the GDPR and the impact of the Schrems II ruling. Companies need to use more encryption and ensure they take full advantage by protecting their sensitive data and controlling it through BYOK (Bring your own Key), HYOK (Hold your own Key) or BYOE (Bring your own Encryption) approaches. Organizations also need to make internal changes to ensure that employees at all levels understand the security challenges and to properly align investment priorities. Leaders need to ensure that they gain a broader understanding of the level of risk and malwares their frontline workers face.“
Thales and 451 Research will discuss the results in more detail at the upcoming Crypto Summit on June 16, 2021. To participate, please visit the registration page .
About the 2021 Thales Global Data Threat Report
The Thales Global Data Threat Report 2021 is based on a global web – based survey conducted by 451 Research among 2,600 executives responsible for or influential in IT and data security. The respondents came from 16 countries: Australia, Brazil, France, Germany (252), Hong Kong, India, Japan, Mexico, the Netherlands, new Zealand, Singapore, South Korea, Sweden, the United Arab Emirates, the United Kingdom and the United States. The organisations represented a range of industries, with a focus on healthcare, financial services, retail, technology and government. The job titles ranged from C-level executives such as CEO, CFO, Chief Data Officer, CISO, Chief Data Scientist and Chief Risk Officer to SVP/VP, IT Administrator, Security analyst, security engineer and System Administrator. Respondents come from a wide range of company sizes, with the majority employing between 500 and 10,000 people. The survey was conducted in February 2021.