With millions of businesses across the UK implementing work-from-home (WFH) policies in the wake of the Corvid-19 outbreak, a new report suggests that IT teams aren’t securely set up for a remote working scenario. This new research fromTanium, provider of the proven platform for endpoint visibility and control, today unveils that nearly three quarters (71 percent) of CIOs find new digital assets on a weekly basis - 93 percent overall - that are leaving them vulnerable to cyberattacks.
The global study of 750 IT decision makers revealed that nearly six in 10 (57 percent) are concerned that a lack of visibility and control of endpoints - such as laptops, servers, virtual machines, containers and cloud infrastructure - will make their company more vulnerable to cyberattacks.
Employees are a major concern
The findings are particularly concerning given the global surge in home working arising from the Covid-19 pandemic and lockdown measures announced in the UK last night. As hackers ramp up phishing attacks on remote workers, IT leaders without visibility into these new endpoints may find their organisations dangerously exposed.
Respondents are clearly alarmed at the cyberthreat to their organization posed by employees. Nearly two-fifths (38 percent) say that staff adding new solutions, such as cloud accounts, without permission is a top challenge in maintaining control of the IT environment. A further 29 percent cite departments implementing their own tools without IT’s knowledge (shadow IT) as a major cause of endpoint visibility gaps.
What’s causing visibility gaps?
The majority (93 percent) of respondents acknowledge fundamental weak points within their organisations that are preventing a comprehensive view of their IT estate.
Aside from shadow IT, these visibility gaps are being exacerbated by a lack of unity between IT, operations and security teams (39 percent), legacy systems which don’t give them accurate information (35 percent), a lack of resources to effectively manage their IT estate (27 percent), and too many tools used across their business (25 percent).
The research reveals that firms have implemented an average of 41 separate security and operations tools to manage their IT environments. Such sprawl likely further limits the effectiveness of already-siloed teams and creates unnecessary complexity.
Tech leaders are concerned about the consequences
In the study, IT leaders are not only concerned that limited visibility of endpoints could leave their company more exposed to cyber-attacks, but also that it may damage the brand (42 percent), make risk assessments harder (36 percent), impact customer loyalty (27 percent), and lead to non-compliance fines (34 percent).
Chris Hodson, Chief Information Security Officer at Tanium said:
“Following the strict new social distancing measures announced by the Prime Minister last night to help prevent the spread of COVID-19 - effectively locking down the majority of the population - many organisations have enacted, or will now be bringing in, work-from-home (WFH) strategies. This can put unprecedented pressure on critical IT infrastructure and support teams, as few IT organisations are designed to support every employee working remotely. Malicious actors will undoubtedly be hoping to exploit this crisis by attempting to access valuable data within a company’s network through compromise of unknown computing devices from employees working at home.
“As our research reveals, IT leaders’ lack of visibility into how they see and manage computing devices can cause major issues. Without true visibility and control of all their IT assets, businesses are creating vulnerabilities that can be exploited.“Irrespective of asset location, IT leaders need to ensure visibility and control of any endpoint accessing enterprise data and systems. To mitigate the risk, businesses must focus on the fundamentals of unified endpoint security management. The first step will be to gain real-time visibility of all digital assets by communicating with employees and ensuring that IT leaders have a clear understanding of devices that are being used for work at home. With oversight of all potential entry points for cybercriminals, businesses will be able to best protect data and reduce risk.”