DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • DevOps Chats
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Communities
    • AWS Community Hub
    • CloudBees
    • IT as Code
    • Rocket on DevOps.com
    • Traceable on DevOps.com
    • Quali on DevOps.com
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DevSecOps
  • Leadership Suite
  • Practices
  • ROELBOB
  • Low-Code/No-Code
  • IT as Code
  • More Topics
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps

Home » Blogs » Leadership Suite » Report: As WFH Took Hold, Few Adjusted Their Security Posture

remote zero-trust WFH

Report: As WFH Took Hold, Few Adjusted Their Security Posture

By: George V. Hulme on August 28, 2020 1 Comment

In March of this year, how employees worked (if they were fortunate enough to be able to continue to work), changed dramatically following state-led shelter-in-place orders. At first, it was hoped the shift would be a matter of weeks. But as the pandemic continued and weeks stretched to months—and now with more organizations extending their work-from-home (WFH) policies well into 2021, there’s currently no real end in sight.

Recent Posts By George V. Hulme
  • IT Spending to Reach $4.4 Trillion in 2022
  • Successful Digital Transformation: It’s About Strategy
  • Manufacturing Workers Eager to Digitally Upskill
More from George V. Hulme
Related Posts
  • Report: As WFH Took Hold, Few Adjusted Their Security Posture
  • The IT Admin’s Checklist for a Newly Remote Company
  • COVID-19 Long Tail Budget Impact
    Related Categories
  • Blogs
  • DevSecOps
  • Leadership Suite
    Related Topics
  • remote workers
  • security
  • work from home
Show more
Show less

What’s the impact of WFH been on security? Security firm Malwarebytes recently completed a report, “Enduring from Home: COVID-19’s Impact on Business Security,” that looks at precisely this issue. The report examines Malwarebytes’ malware data and a survey of 200 technology and information security decision-makers among large and small organizations.

DevOps/Cloud-Native Live! Boston

The survey found that organizations are confident in their ability to transition to an increasingly remote workforce successfully. Essentially, 73% rated their organization as a high or higher in their WFH preparedness. For those organizations with fewer than 700 staffers, 84% said they moved more than half of their employees to remote work. However, 84% of larger organizations, those with 700 employees or more, said they’d moved almost all their workforce home.

Disappointingly, despite the profound changes to staff working situations, 45% of those surveyed did not conduct either security or online privacy analyses of their software tools.

Since the beginning of the pandemic, 20% of respondents said they witnessed security breaches as a result of a remote worker, and 24% said remote worker security breaches created unexpected security expenses. Further, 28% said that they now use personal devices for work more than they did previously, and 61% of those surveyed said that their employers didn’t recommend staff install anti-malware on their personal endpoints.

Not surprisingly, criminals are adapting to the new worker landscape, adjusting techniques to target poorly configured virtual private networks, cloud services and email. “There has also been a surge in phishing emails that use COVID-19 as a lure to cover up malicious activity. These emails contain commercial malware, such as AveMaria and NetWiredRC, which allow for remote desktop access, webcam control, password theft and more,” Malwarebytes said in a statement.

The study also found that AveMaria malware increased by more than 1,200% from January to April. This malware targeted primarily large enterprises, the company found. In contrast, Malwarebytes detected a near-doubling in infections from NetWiredRC, which targets small and medium-sized organizations.

What’s most concerning with these findings isn’t that criminals have shifted tactics due to a change in how staffers work; that’s to be expected and enterprises don’t have control over what attackers will do. But enterprises do have control over how they defend themselves. And as enterprises increasingly turned to cloud and collaboration platforms to make their WFH situations work, they should have updated their threat models to reflect the new reality. As this new reality continues, one can hope organizations better evaluate their current environments and adjust their security posture accordingly.

Filed Under: Blogs, DevSecOps, Leadership Suite Tagged With: remote workers, security, work from home

Sponsored Content
Featured eBook
The 101 of Continuous Software Delivery

The 101 of Continuous Software Delivery

Now, more than ever, companies who rapidly react to changing market conditions and customer behavior will have a competitive edge.  Innovation-driven response is successful not only when a company has new ideas, but also when the software needed to implement them is delivered quickly. Companies who have weathered recent events ... Read More
« Envoy Proxy Server Project Comes of Age
Consider DataOps for a Competitive Edge »

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Accelerating Continuous Security With Value Stream Management
Monday, May 23, 2022 - 11:00 am EDT
The Complete Guide to Open Source Licenses 2022
Monday, May 23, 2022 - 3:00 pm EDT
Building a Successful Open Source Program Office
Tuesday, May 24, 2022 - 11:00 am EDT

Latest from DevOps.com

DevSecOps Deluge: Choosing the Right Tools
May 20, 2022 | Gary Robinson
Managing Hardcoded Secrets to Shrink Your Attack Surface 
May 20, 2022 | John Morton
DevOps Institute Releases Upskilling IT 2022 Report 
May 18, 2022 | Natan Solomon
Creating Automated GitHub Bots in Go
May 18, 2022 | Sebastian Spaink
Is Your Future in SaaS? Yes, Except …
May 18, 2022 | Don Macvittie

Get The Top Stories of the Week

  • View DevOps.com Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Download Free eBook

The 101 of Continuous Software Delivery
New call-to-action

Most Read on DevOps.com

Why Over-Permissive CI/CD Pipelines are an Unnecessary Evil
May 16, 2022 | Vladi Sandler
Apple Allows 50% Fee Rise | @ElonMusk Fans: 70% Fake | Micro...
May 17, 2022 | Richi Jennings
Making DevOps Smoother
May 17, 2022 | Gaurav Belani
DevOps Institute Releases Upskilling IT 2022 Report 
May 18, 2022 | Natan Solomon
Creating Automated GitHub Bots in Go
May 18, 2022 | Sebastian Spaink

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2022 ·Techstrong Group, Inc.All rights reserved.