Remote work decreases security oversight, according to a recent report
In the wake of the global pandemic, companies have faced unprecedented challenges in maintaining security and visibility into employee endpoints and systems. The rapid shift to remote work caused a significant visibility challenge, with companies struggling to monitor their systems for security threats in a cloud environment.
According to a report by Enterprise Strategy Group, commissioned by Axonius, 79% of respondents reported a widening visibility gap in their cloud infrastructure. This finding reinforces previous reports suggesting that security considerations became an afterthought during the initial stages of the pandemic.
The report also highlights the difficulty companies have in monitoring their systems for security threats in a cloud environment. Gartner Research VP, Pete Shoard, states that the challenge is not about blind spots but a change in dynamic as to what to monitor. Security tools designed for on-premises environments may not be able to move at the speed required for a cloud environment.
As companies moved their various streams of data into multiple buckets, the environment became increasingly complex. This complexity, combined with the shift to remote work, has led to a significant increase in security incidents. According to the study, organizations, in some cases, experienced 3.3 times more security incidents.
Many companies reported a significant increase in security incidents driven largely by insider threats. In the past twelve months, 59% of data security incidents were caused by insiders. Despite this, 73% of these companies did not increase their security budgets during the crisis, indicating limited planned future investments in security resources.
The focus for security professionals has shifted from the perimeter to monitoring the behaviours of individuals (or their accounts) when interacting with systems and applications. As companies use four or more cloud providers, moving away from the traditional on-premises or hybrid setup, this becomes increasingly important.
The study found that four of every five respondents said their companies will invest more money into securing corporate assets. Corporate stakeholders, according to the trendline, are interested in understanding the risk calculus of their technology stacks and in answering the question: Are we a target?
About three-quarters of organizations expect the number of remote workers at companies to increase even after pandemic recovery begins. This trendline suggests that the challenges faced by companies in maintaining security and visibility will continue to be a significant issue in the post-pandemic workplace. The report also reinforces the need for corporate stakeholders to invest in cybersecurity resources and to better understand the risk calculus of their technology stacks.
