The return to offices, coupled with uninformed users (including IT pros), has teed up an unprecedented risk of enterprise attack.
Organizations are facing yet another unprecedented threat to their cybersecurity now that employees are headed back into offices with their personal devices, lax security hygiene and no clue about some of the most catastrophic attacks in history, such as the Colonial Pipeline shutdown.
A new survey from Armis shows the mountains of work ahead for security teams in not just locking down their organizations’ systems but also in keeping users from getting duped into handing over the keys to the kingdom.
Armis surveyed 2,000 end users in the U.S. and found the dangers to critical infrastructure, utilities and food supplies aren’t sinking in with the public, despite the deluge of headlines. More than 20 percent of those surveyed hadn’t even heard of the Colonial Pipeline attack and 45 percent had no awareness about the attempt to breach systems to poison Florida’s water supply. Respondents also didn’t really think there would be any long-term supply-chain consequences of the JBS Foods or Colonial Pipeline attacks, according to Armis.
Personal Devices Poised to Cause Cybersecurity Nightmare
Not only are users shockingly unaware of the threats out there, but they’re also bringing all their poor cybersecurity habits with them as offices start to open back up.
Armis found 71 percent of workers returning to the office plan to bring their work-from-home devices back into the office, while 54 percent don’t think there’s any risk associated with doing so.
Unfortunately, the risk is real.
Armis commissioned a Forrester report that found that 63 percent of healthcare delivery businesses were breached due to an unmanaged internet of everything (IoT) device in the last two years. However, more than 60 percent of healthcare employees surveyed didn’t think their personal devices posed any risk at all, and more than a quarter of organizations have no policies in place outlining appropriate use of personal devices for business.
Even more jaw-dropping, 82 percent of those surveyed who plan to bring their personal devices back to work are IT pros – as in, the folks in charge of cybersecurity.
“The attacks on our critical infrastructure are clear evidence of the need for cybersecurity and assurance to all our utility providers and players,” said Armis CISO Curtis Simpson.
A crumbling U.S. infrastructure and the lack of will to protect it could prove catastrophic, he added.
“It is also an unfortunate example of the huge vulnerability of an aging infrastructure that has been connected, directly or indirectly, to the internet,” Simpson said.
That leaves it up to organizations to put protections in place against a cybercrime onslaught that includes a startling estimate of how often ransomware attacks are coming in: namely, more than seven attacks per hour, and rising.
“Organizations must be able to know what they have, track behavior, identify threats, and immediately take action to protect the safety and security of their operations,” Simpson explained. “This data shows that there is less consumer attention on these attacks as we might expect, and so that responsibility falls to businesses to shore up their defenses.”