The surge in remote work has brought a new wave of cyberattacks targeting remote workers. Several industry experts stated that the lack of cybersecurity training may increase cyber risks.
A new research from cybersecurity firm Promon found that 66% of remote workers in the U.K. haven’t been trained on cybersecurity in the past 12 months, whereas 77% said that they aren’t worried about the security while working remotely. Around 61% said they are using personal devices when working from home. This is adding further security concerns as many of these are likely to be less secure than corporate-issued ones.
Cybercriminals are exploiting the current working conditions by carrying out COVID-19-related phishing campaigns and other malicious activities, the research stated. The findings are based on the responses from 2,000 remote workers in the U.K.
“Cybercriminals are taking advantage of decreased levels of security on personal devices connected to corporate networks, with successful attacks ringing alarm bells for employers whose sensitive corporate data is now at risk, along with individuals’ personal data, including banking information and login details,” the report said.
Promon CTO and Co-founder Tom Lysemose Hansen, said, “It’s concerning to find that such a large number of workers don’t have the necessary training to spot a potential cyber threat, such as a phishing email or spoofed website, as these are the main ways in which cybercriminals are executing their attacks. Organizations must ensure that staff who are working remotely are doing so in secure environments, whether that’s on personal or corporate devices, and it’s critical that they provide the necessary training and tools to ensure corporate data is protected.”
U.K. Firms Suffer Basic Cybersecurity Skills Shortage
A similar research into the U.K. cybersecurity labor market by the Department for Digital, Culture, Media & Sport (DCMS) found an increase in the basic cybersecurity skills gap in most organizations in the country. According to the research, around 653,000 organizations (48%) in the U.K. are unable to carry out basic tasks defined in the government’s Cyber Essentials Scheme like setting up firewalls, storing data, and removing malware. The report claimed that 408,000 businesses (30%) lack advanced cybersecurity skills in areas like pen testing, forensics, and security architecture.