Remote work will lead to more phishing attacks and threats to accounting and marketing departments, according to IT security managers.
In the age of COVID-19, remote work is here—and here to stay, according to Gartner. Aside from fundamentally shifting the environment in which employees and managers interact, remote work has other less obvious consequences—namely, increased vulnerability to attacks.
To assess the greatest cybersecurity threats companies are facing today, and the 10 trends they should watch out for in 2021, Getapp, the software recommendation company, talked to 83 IT security managers for its Annual Data Security Report. The report found that "limited security for remote workers is the single most common vulnerability businesses are facing today."
SEE: Security threats on the horizon: What IT pro's need to know (free PDF) (TechRepublic)
Here are the 9 trends to watch, according to the report:
1. Remote work is the top concern.
The report recommends that companies institute "a formal remote work policy and by adopting the right software tools that ensure company data is safe when accessed remotely" to prevent attacks.
2. Data breaches are four times more common for companies that allow access to company data.
According to the report, employees should only access data that is critical to their job performance, to prevent cyberattacks "caused both by malicious data theft and accidental data loss." The companies that do allow full access to company data are more likely to report a data breach (50.7% of breaches reported) as opposed to those that limit data access (12.6%).
3. Data classification alone is not sufficient.
Categorizing data as public, internal, and confidential are frequently used by companies (82%), but "these programs alone have proved insufficient to restrict access and prevent data breaches," according to the report. The majority of companies (62%) are still offering employees access to data that they don't need—and these companies are reportedly 2.5 times more likely to experience a data breach. Data access controls and authentication should be the top priorities.
4. Phishing schemes are spiking and becoming more harmful.
According to the report, "80% of employees report receiving phishing emails, compared to 73% in 2019, and employees are 15% more likely to click on a malicious link." In particular, marketing employees were the most likely (38%) to click on these malicious links.
5. A third of employees hit by account takeovers.
While account takeovers are nothing new, COVID-19 has resulted in a bump of online transactions. "From 2018 to 2019, TransUnion reported a 347% increase in account takeovers targeting online retail customers. And increased reliance on e-commerce will only make things worse," the report states.
SEE: Security Awareness and Training policy (TechRepublic Premium)
6. Improved authentication methods.
The use of two-factor authentication went up 18%, and is used by 82% of businesses in 2020. And the use and biometric data security—such as the use of fingerprints and facial recognition—went from 27% in 2019 to 53% in 2020.
7. Ransomware affected 28% of businesses.
Over the last 12 months, nearly a third of businesses were hit with ransomware—of this group, 75% paid. Still, only 70% of those could retrieve their data.
8. VR/AR use nearly triples.
In 2020, 17% of businesses harness AR and VR for training purposes—and digital marketing and accounting report even greater use of these tools, up to 35%. Training has moved from the physical to the virtual, and more employees, 71%, are reporting that they must attend security training annually.
9. 86% of organizations are more concerned about data privacy.
The business shifts ushered in by COVID-19, have resulted in increased concerns among IT departments. However, knowledge of data privacy regulations, such as the EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have sharply risen in the last year.
The report also includes a breakdown of how security affects seven key industries.
- Quick glossary: Cybersecurity attacks (TechRepublic Premium)
- Quick glossary: Cybersecurity attack response and mitigation (TechRepublic Premium)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)