A recent survey by BlackBerry provides evidence that many organizations have failed to update cyber security policies in line with the move to remote and hybrid working. Hans-Peter Bauer, Senior Vice President at BlackBerry gives more details…
Where do you draw the line for your organization’s cyber protection? At the perimeter of your building? At the limits of your physical infrastructure? Or out to all company-issued endpoint devices, wherever they may be?
BlackBerry recently conducted new research in Europe revealing key gaps in organizational security, particularly those related to remote employees. Findings indicate that corporate endpoint devices deployed in employees’ homes frequently share networks with a growing number of ‘smart’ - and potentially insecure - domestic devices. We further found that remote employees do not prioritize security when they purchase IoT (Internet of Things) devices for their homes.
Let’s look at some of the results of the study, where BlackBerry asked 4,000 homeworking employees across the UK, France, Germany, and the Netherlands for insight on their smart device purchase decisions, and provision for home security by their organizations. The results highlight a substantial – and growing – gap in cyber security protection.
Homes are getting smarter, but not necessarily more cyber secure
Across Europe, consumers are adopting and installing a record number of new smart technologies in the home – from connected appliances to electric vehicle (EV) charging stations, to wireless security cameras, doorbells, and thermostats.
At the same time, our research reveals that cost-conscious buyers fail to prioritize security in their smart device purchases.
- 68 percent of European homeworkers do not identify security among the top three considerations in their smart device purchases.
- 28 percent say their employers fail to put adequate security provisions in place to extend cyber protection across their home networks.
- 75 percent say their employers have taken no steps at all to secure their home internet connections or to provide software protection for home devices.
Together, this can dramatically heighten the risk of cyber attacks for both businesses and their employees, as hybrid and home-based working become the norm. When consumers drop their guard to focus on price, and businesses don’t extend their security cover to compensate, cybercriminals can take advantage of these unsecured access points. That can lead to the theft of valuable personal and corporate data.
Smart home devices: a growing threat vector
As the diversity and complexity of the IoT ecosystem increases, so does the opportunity for cyber attacks. European Commission President Ursula von der Leyen summed it up during remarks on cyber security, saying: “If everything is connected, everything can be hacked.”
Even the most innocent of home devices can allow bad actors to access home networks — often with connections to company-owned devices, or company data residing on consumer devices — leaving organizations vulnerable. Our research reveals that too often, the responsibility to safeguard these connected devices is left to the employee and device manufacturers.
Adding to this challenge is the recent global hike in the cost of living, along with escalating geopolitical conflicts and a growing cyber security insurance gap. Past developments, similar to these, created the ideal recipe for increased cyber attacks. For example, cyber crime increased during both the global financial crisis of 2008-2009 and again during the height of the COVID-19 pandemic.
Such periods of economic instability and social disruption tend to compound the challenge of implementing more effective cyber security, and the current proliferation of hybrid and home working practices — especially in homes that are getting ‘smarter’, but not necessarily more cyber secure — means we may experience a similar spike in cyber attacks during the coming months.
Crucially, organizations need to include devices beyond their immediate reach as they consider their cyber security protection while preparing for challenging economic times ahead.
Closing the smart device – cyber security gap
How can organizations help close this work-from-home cyber security gap? Two places to start are:
- People: begin with a policy for remote employee security, then back it up with training. Our research found only 26 percent of companies established a cyber security policy with advice for smart devices/home working.
- Process: in our experience, most issues are rooted in inadequate preparation. The SANS Institute incident response cycle offers an accessible guide and a process framework that the CylanceGUARD team at BlackBerry uses for ‘blue team’ testing. It starts with preparation and continues through identification, containment, eradication, and recovery in the event of a breach.