Enterprise tech adoption fuels cyber risks

Seventy-four percent of companies attribute recent cyberattacks to vulnerabilities in technology put in place during the pandemic. That’s according to a new report from Forrester (commissioned by Tenable), which surveyed security leaders, executives, and remote employees to explore shifts in cybersecurity strategies at enterprises in response to the pandemic.

From cloud services and apps to personal devices and remote access tools, the number of corporate attack surfaces has dramatically increased. Worldwide IT spending is projected to total $3.9 trillion in 2021 — an increase of 6.2% from 2020, according to Gartner. And now, new research suggests that difficulty managing technologies has made enterprises more vulnerable to cyberattacks.

The Forrester and Tenable survey shows that 80% of security and business leaders believe their organizations are more exposed to risk as a result of remote work. Over half of remote workers access customer data using a personal device, yet 71% of security leaders lack high or complete visibility into remote employee home networks, the respondents said. Unfortunately, this gap is well-understood by bad actors, as reflected in the fact that 67% of business-impacting cyberattacks targeted remote employees.

The findings agree with a Snow Software report that revealed that hybrid employees are expected to become a bigger burden on IT staff. The new work model, the whitepaper said, will change employees’ technology needs and increase their use of IT resources. Another concern is “shadow IT,” which refers to department-led technology purchases that can disrupt systems and workflows. Twenty-six percent of those surveyed by Snow cited shadow IT as the biggest hurdle posed by hybrid work.

IT departments also face pushback from employees adapting to hybrid and remote work arrangements. An HP Wolf Security and YouGov poll found that almost half of younger office workers surveyed view security tools as a hindrance, leading to nearly a third trying to bypass corporate security policies to get their work done. Furthermore, HP reported that 83% of IT teams believe that the increase in home workers has created a “ticking time bomb” for a corporate network breach.

Cloud security

According to Forrester and Tenable, expanding the software supply chain and migrating to the cloud are two other major sources of cyber vulnerability enterprises are facing. Sixty-five percent of security and business leaders attribute recent cyberattacks to a third-party software compromise, while 80% of security and business leaders believe moving business-critical functions to the cloud elevated their risk. Moreover, 62% of organizations report having suffered business-impacting attacks involving cloud assets.

A recent study from Dimensional Research for Tripwire similarly identified cloud security as a top concern among enterprises. Almost all security professionals surveyed told Dimensional that relying on multiple cloud providers creates security challenges and that providers’ efforts to ensure security are “just barely” adequate. They cited a lack of consistent security frameworks and expedience to communicate security problems, among other issues.

To address the challenges,  two thirds or more of security leaders told Forrester and Tenable that they plan to increase their cybersecurity investments over the next 12 to 24 months. What’s more, 64% of leaders lacking security staff plan to  increase their headcount over the next 12 months.

“Remote and hybrid work strategies are here to stay, and so will the risks they introduce unless organizations get a handle on what their new attack surface looks like,” Tenable CEO Amit Yoran said in a press release. “This study reveals two paths forward — one riddled with unmanaged risk and unrelenting cyberattack and another that accelerates business productivity and operations in a secure way. [Executives] have the opportunity and responsibility to securely harness the power of technology and manage cyber risk for the new world of work.”