- This free Google AI tool turns complex research papers into concise conversations
- Tech supply chains at risk as the US launches probe into China’s legacy chip dominance
- US and Japan Blame North Korea for $308m Crypto Heist
- This Linux laptop has a brilliant display and performance that rivals my MacBook
- Spyware Maker NSO Group Liable for WhatsApp User Hacks
Hybrid Workforces Face Unique Phishing Challenges
Hybrid Workforce Woes
Companies utilizing remote or hybrid workplaces are dealing with widespread device management challenges, with employees using multiple devices, including both personal and company-owned devices, for work. Up to 74 percent of surveyed respondents said they use one or more of their own devices for work-related purposes, while 77 percent of those with employer-issued devices use them for personal purposes in some capacity, such as checking personal email, looking up products or travel destinations, shopping online or viewing social media. Researchers also found that 56 percent of employees that have a company-owned device grant access to friends or family members (up from 52 percent last year).
This mixing of personal and work devices creates a particular challenge in organizations trying to prevent phishing attacks, as it expands companies’ threat surface and adds unmanaged devices into the mix. For instance, an attacker that has compromised an employee on a personal device could gain access if the employee checks corporate email on that device. Or, an employee may click on a malicious link sent via a social media message on his corporate device.
External Wi-Fi networks pose another difficulty for security teams. Up to 40 percent of survey respondents do not password protect their home Wi-Fi networks, and only 26 percent change their network default Wi-Fi password. While many Wi-Fi-based attacks can be difficult to achieve given the need for attacker proximity, these lack of precautions can mean that many employees’ home networks are as vulnerable as open-access public Wi-Fi, said researchers.
Hybrid work environments are creating security obstacles beyond the threat of phishing attacks. Researchers with Cisco Talos in a Tuesday report said that the pandemic and associated hybrid work shift haven’t just introduced new challenges, but have also worsened existing security problems for organizations.
“For example, the stressed out worker that falls for the COVID-19 themed lure that leads to a ransomware attack,” said Nick Biasini, head of outreach with Cisco Talos, on Tuesday. “The development teams that are tasked with remediating vulnerabilities that lose access to key tools and resources when working remotely. Even the employee at a software vendor that doesn’t have adequate security protections when outside the office, facilitating a compromise that results in a supply chain attack. These are just a few of the countless scenarios that organizations are now facing.”