For years, cybersecurity teams and bad actors have been locked in a vicious arms race: As organizations have bolstered their defenses to adapt to new threats, criminals have updated their tactics as well.
COVID-19 has further raised the stakes of this battle. Amid the transition to hybrid and fully remote work (and all of the organizational and productivity challenges that come with that shift) organizations must now adapt their security strategies for a very different security ecosystem. Remote work has made networks harder to protect, and stressed-out employees seem more prone to personal security lapses than ever.
However challenging this current moment is, it’s clear that many of these changes are here to stay. Considering how many employees now say they would rather quit their jobs than return to the office —and they are already quitting in droves—organizations must adapt to the new realities of our current cybersecurity landscape.
One of the most significant developments in the cybersecurity landscape over the past two years is the shift toward the human element.
As security teams have continued to secure critical systems through traditional appliances and tools, threat actors have shifted back to attacking employees through social engineering, phishing, and vishing attacks. In 2021, 70% of organizations said they had seen more phishing attacks during the pandemic, according to Sophos’ Phishing Insights 2021 report.
Worryingly, many of these employee-focused attacks are working. According to Verizon’s 2021 Data Breach Investigations Report, 85% of breaches in 2020 resulted from human—not technical—errors. The leading causes of these breaches were stolen or misused user credentials, which gave hackers access to internal networks and sensitive information.
A network is only as secure as its weakest link. Unfortunately, the rise of remote work has created millions of vulnerable new targets for attackers.
While security teams were largely able to control and secure employee working environments in the pre-COVID era, that’s far from the case now. Today, roughly 70% of office workers say they use their company-provided devices for personal tasks, and 37% say they’ve user their personal devices to access work applications, according to HP’s latest Blurred Lines & Blindspots Report. Perhaps most alarmingly, 30% say they’ve let another person use their work devices.
Given these lapses in security hygiene, it’s no surprise to see that remote work is playing a larger role in security breaches. According to IBM and the Ponemon Institute, remote work was a contributing factor in 17.5% of the 537 breaches they analyzed in 2021. Unfortunately, just 55% of attack victims said they were prepared to address these breaches, according to a PWC survey of 322 security and technology executives.
Given these shifts, increasing employee awareness of security issues has become a crucial risk-mitigation measure that no organization can afford to ignore.
And while doing so is largely the responsibility of security teams, they can’t do it alone. Indeed, the most forward-thinking teams are using this as an opportunity to tap their colleagues in human resources, who have become valuable partners in ensuring that all employees learn the how and why of cybersecurity hygiene.
This is happening in a few ways. For one, HR and security teams are working together to develop onboarding programming to teach new employees the essential elements to both securing their home networks and protecting themselves against phishing and other threats.
More broadly, HR is playing an increasingly critical role in ensuring that IT security policies are properly communicated and prioritized across their organizations. By working closely with HR, IT teams can ensure that new and tenured remote employees can remain vigilant about the ever-increasing number of vulnerabilities they may be exposed to.
This security-HR partnership will be essential going forward. Costs associated with cybercrime could climb as high as $10.5 trillion by 2025, according to Cybersecurity Ventures. Combating that will require a concerted effort across IT, HR, and the employees they support. Collaboration will be critical if organizations are to stay one step ahead of the bad guys.
Check out our Cybersecurity toolkit below!