74% of organizations attribute recent cyberattacks with a business impact to technological vulnerabilities put in place during the pandemic. The data comes from a study conducted by Forrester Consulting of more than 1,300 security managers, business executives and remote employees.
From cloud services and applications to personal devices and remote access tools, the attack surface for enterprises has exploded in record time. The difficulty in managing the plethora of technologies has made businesses more vulnerable and propelled cyberattacks. Additionally, 80% of security and enterprise executives said their organizations were more at risk from working remotely.
The expansion of the enterprise attack surface is largely due to three factors
- Enabling a workforce without borders: More than half of remote workers access customer data using a personal device, but 71% of security managers lack high or complete visibility into the home networks of remote workers. This gap is well understood by bad actors, as evidenced by the fact that 67% of cyber attacks impacting the business targeted remote employees.
- Extend the software supply chain: 65% of security and enterprise executives attribute recent cyber attacks to compromised third-party software; 61% report an increased risk due to the extension of their software supply chain.
- Migration to the cloud: 80% of security and enterprise managers believe that migrating critical functions to the cloud has increased their risk; 62% of organizations have experienced business impact attacks involving cloud assets.
âRemote and hybrid work strategies are here to stay, and so are the risks they introduce, unless organizations understand what their new attack surface looks like,â said Amit Yoran, CEO, Tenable.
âThis study reveals two paths to follow: one riddled with unmanaged risks and relentless cyber attacks, and the other that accelerates business productivity and operations in a secure manner. CISOs and CEOs have the opportunity and the responsibility to safely harness the power of technology and manage cyber risks for the new world of work.
Putting cybersecurity at the forefront as a critical investment
Hybrid work models and a digitally driven economy have brought cybersecurity to the fore as a critical investment that can make or break short and long term business strategies. To meet this demand, two-thirds or more of security managers plan to increase their investments in cybersecurity over the next 12-24 months, and about three-quarters plan to spend more on vulnerability management and security. from the cloud.
Additionally, understanding the deep risks created by talent shortages, 64% of understaffed leaders plan to invest in increasing their teams over the next 12 months.