Cyber Exposure company, Tenable, published a global study that revealed 71% of organizations in India attribute recent business-impacting cyberattacks on the remote workforce due to vulnerabilities in technology put in place in response to the pandemic. The data is drawn from its report titled “Beyond Boundaries: The Future of Cybersecurity in the New World of Work.” The report is based on a commissioned study of more than 1,300 security leaders, business executives and remote employees worldwide, including 92 responses in India, conducted by Forrester Consulting on behalf of Tenable.
The study found a stark contrast between Indian organizations’ plans for a hybrid work model and the reality of securing it.
The media reports that IT/ITES companies in India such as TCS, Infosys, HCL Infosystems, Wipro and others have started calling their workforce back to the office. Some, like TCS, have opted for a permanent hybrid work model.
The Tenable study shows that 80% percent of Indian organizations plan to have employees working from home at least once a week in the next 12-24 months, while 63% plan to make a permanent move to remote work over the next two years.
Speaking to CISO MAG, Nathan Wenzler, Tenable Chief Security Strategist, said, “The responses we got from the Indian audience are very much in line with what we saw overall. So, I don’t think we see India as being an outlier. But a huge majority of responses from the Indian audience are going to increase investment in cybersecurity, budgets, resources, and tools. And I might even say that was a higher number than we saw across the rest of the globe.”
Remote Workforce Poses New Security Challenges
The Tenable study points out that an alarming 53% of security and business leaders expressed concerns that their organizations are only somewhat or not prepared at all to secure their workforce strategy.
Specific challenges about supporting a remote workforce include the lack of employee awareness to secure home networks and personal devices (53%) and visibility into employee security practices (56%). To further compound matters, a meagre 29% felt that they have enough staff to adequately monitor the attack surface. It’s clear that organizations need to eliminate blind spots by shoring up their defenses to support the next phase of their workforce model.
“One of the things that the pandemic and remote workforce really revealed is that organizations struggle with two things: visibility and all their assets. Assets is not just your servers and workstations, but your IoT devices, your operational technology, your web applications. They don’t have good visibility into what they have. And they don’t respond quickly when those environments change,” said Wenzler.
Impact of an Atomized Attack Surface
The study also found that the fast deployment of new technologies to facilitate remote work heightened the level of risk for Indian businesses. In the past year, a staggering 88% of Indian organizations experienced a business-impacting cyberattack, with 56% of respondents indicating that the attacks targeted remote workers. It is no surprise that, as organizations adopted new technologies to embrace remote work, their software supply chain expanded. Sixty-three percent of security leaders attributed recent attacks to a third-party software vendor compromise – underscoring the need for greater visibility into the atomized attack surface.
“The future of work is without perimeters and organizations must be prepared to secure their new reality,” said Kartik Shahani, country manager at Tenable India. “It’s more important than ever for business and security leaders to lock arms and weave cybersecurity into the fabric of their organizations’ digital infrastructure. Organizations must rethink their approach to understanding and managing cyber risk in the new world of work.”
Hybrid work models and a digital-first economy have brought cybersecurity front and center as a critical investment that can make or break short- and long-term business strategies. To address this demand, Indian security leaders plan to increase cybersecurity investments in vulnerability management (92%), cloud infrastructure and platforms (84%) and identity access management (66%).
To read the full study, visit: here
