A new report has revealed that 99% of large businesses, especially those with over 2,000 employees, fell victim to cyber-attacks in the last year. The main culprit, according to nearly half of the respondents, is the shift towards remote and hybrid work, which has exposed organisations to more vulnerabilities.

Key Highlights:

• Remote Work Woes: 46% of businesses blame remote and hybrid workers for their cyber incidents, citing the challenge of securing dispersed networks and personal devices.
• Roaming Workers and Branch Offices: 37% identified roaming workers, and 39% pointed to branch operations as sources of cyber threats.
• Third-Party Weak Links: Inconsistent security standards and outdated infrastructure, especially with third-party vendors, have turned them into vulnerable entry points.
• Skills Shortage: A staggering 80% of respondents reported difficulty in recruiting and retaining specialist cybersecurity personnel, a key factor in their security struggles.
• Ransomware and Detection Difficulties: 42% of businesses admitted they struggled to detect threats and protect against ransomware.
• Insecure Networks: 40% struggled with enforcing consistent security policies due to insecure networks, exacerbated by the shift to remote work.
• Siloed Systems: 30% noted their systems are siloed, making it difficult to gather and act on threat intelligence.
• Technological Advancements in Attacks: Threat actors are using generative AI to enhance social engineering and impersonation tactics, making attacks even more sophisticated.

The shift to remote work has been a double-edged sword. While it has provided flexibility and adaptability for businesses, it has also opened up new avenues for cyber attackers. Securing remote workers’ devices and ensuring that all parts of a dispersed workforce follow consistent security policies has become a colossal challenge for IT departments. Add to that the pressure of managing third-party vendors with outdated infrastructures, and it’s no wonder that large businesses are seeing such a rise in cyber breaches.

Furthermore, the cybersecurity talent gap is leaving many organisations defenceless. Despite knowing the risks, companies are struggling to find the right people to fill specialist security roles, leaving the door wide open for attackers to exploit weaknesses. The technical challenges, coupled with human resource issues, create a perfect storm of vulnerability, with even the most sophisticated security systems being outpaced by the agility of cybercriminals.

What is recommended to do

To avoid these pitfalls, businesses must rethink their security strategies for the post-remote work era. Prioritising consistent security protocols across all branches, investing in up-to-date infrastructure, and regularly auditing third-party vendors should be at the top of the list. Additionally, addressing the cybersecurity skills shortage is essential — through both training existing employees and creating attractive roles to draw in top talent.

Lastly, businesses should adopt advanced threat detection technologies, such as AI, not only to keep up with evolving attacks but to stay one step ahead. Cyber-attacks are only going to get more complex, and businesses need to be proactive, not reactive, in their defence strategies.

Source and further reding.

Jackson, F. (2024, October 15). 99% of large businesses faced cyber attacks in the last year. TechRepublic. https://www.techrepublic.com/article/xalient-breach-report/

Crouse, M. (2024, February 9). Botnet Attack Targeted routers: A Wake-Up call for securing remote employees’ hardware. TechRepublic. https://www.techrepublic.com/article/volt-typhoon-botnet-attack/