CyberArk Archives - Cyber Secure Forum | Forum Events Ltd

Unmanaged personal devices at home threatening corporate security

Stuart O'Brien

More than half of UK employees working remotely during lockdown use unmanaged personal devices to access corporate systems.

That’s according to a study published today by CyberArk, which found that UK employees’ work-from-home habits – including password re-use and letting family members use corporate devices – are putting critical business systems and sensitive data at risk.

The survey, which aimed to gauge the current state of security in today’s expanded remote work environment, found that:

  • 60% of remote employees are using unmanaged, insecure “BYOD” devices to access corporate systems. 
  • 57% of employees have adopted communication and collaboration tools like Zoom and Microsoft Teams, which have been the focus of highly publicised security flaws

Working Parents Compound the Risk

The study found that the risks to corporate security become even higher when it comes to working parents. As this group had to quickly and simultaneously transform into full-time teachers, caregivers and playmates, it’s no surprise that convenience would outweigh good cybersecurity practices when it comes to working from home. 

  • 57% insecurely save passwords in browsers on their corporate devices
  • 89% reuse passwords across applications and devices
  • 21% admitted that they allow other members of their household to use their corporate devices for activities like schoolwork, gaming and shopping. 

Are Current Work-from-Home Security Policies Enough?

While 91% of IT teams are confident in their ability to secure the new remote workforce, more than half (57%) have not increased their security protocols despite the significant change in the way employees connect to corporate systems and the addition of new productivity applications.

CyberArk says the rush to onboard new applications and services that enable remote work, combined with insecure connections and dangerous security practices of employees, has significantly widened the attack surface, and security strategies need to be updated to match this new dynamic threat landscape. This is especially true when it comes to securing privileged credentials of remote workers, which, if compromised, could open the door to an organisation’s most critical systems and resources.

“Major socio-economic events have always led to a sharp uptake in cyber incidents. The WHO has warned of an exponential increase in attacks due to the global and unprecedented nature of the ongoing health crisis, and its transformative impact on the way we work. With the accelerated use of collaboration tools and home networks for professional purposes, best-practice security is struggling to keep pace with the need for convenience which, in turn, is leaving businesses vulnerable”, said Rich Turner, SVP EMEA, CyberArk.

“Responsibility for security needs to be split between employees and employers. As more UK organisations extend remote work for the longer term, employees must be vigilant. This means constantly updating and never re-using passwords, verifying that the operating system and application software they use are up to date, and ensuring all work and communication is conducted only on approved devices, applications and collaboration tools. Simultaneously, businesses must constantly review their security policies to ensure employees only have access to the critical data and systems they need to do their work, and no more. Decreasing exposure is critical in the context of an expanded attack surface.”

Majority of British businesses fear disruption to business critical apps

Stuart O'Brien

Nearly 50 per cent of UK organisations do not prioritise the protection of the applications that their business depends on – such as ERP and CRM systems – any differently than how low-value data, applications or services are secured.

That’s according to an independent survey conducted among 1,450 business and IT decision makers, primarily from Western European economies, by CyberArk.

It indicated that the respondents felt that even the slightest downtime affecting business critical applications would be massively disruptive, with 64 per cent of UK respondents agreeing that the impact would be severe.

Despite the fact that half of organisations have experienced data loss, integrity issues or service disruptions affecting business critical applications in the previous two years, the survey found that a large majority (68 per cent) of UK respondents are confident that their organisation can effectively stop all data security attacks or breaches at the perimeter.

This brings to light what CyberArk says is a ‘remarkable’ disconnect between where security strategy is focused and the business value of what is most important to the organisation. An attacker targeting administrative privileges for these applications could cause significant disruption and could even halt business operations.

The survey also found that 70 per cent of organisations indicated they have moved (or will move within two years) business critical applications to the cloud. A risk-prioritised approach to protecting these assets is necessary in this model as well if this transition is to be managed successfully.

“From banking systems and R&D to customer service and supply chain, all businesses in all verticals run on critical applications. Accessing and disrupting these applications is a primary target for attackers due to their day-to-day operational importance and the wealth of information that resides in them – whether they are on-premises or in the cloud,” said David Higgins, EMEA technical director at CyberArk. “CISOs must take a prioritised, risk-based approach that applies the most rigorous protection to these applications, securing in particular privileged access to them and assuring that, regardless of what attacks penetrate the perimeter, they continue to run uncompromised.”