Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe
  • Twitter
  • Facebook
  • LinkedIn

Spotlight on U.K.: Hybrid Work is Here to Stay and Attackers are Taking Advantage

Spotlight on U.K.: Hybrid Work is Here to Stay and Attackers are Taking Advantage

As U.K. organisations plan their long-term hybrid and remote work models, embracing this new world of work opens the door to new and unmanaged cyber risk. Here's what you need to know.

Over a year after work-from-home mandates went into effect, many U.K. organisations are shifting to long-term hybrid and remote work models. Today, 70% of U.K. organisations have employees working remotely, compared to 31% prior to the pandemic, while 86% plan to permanently adopt a remote working policy or have already done so. But embracing this new world of work opens up unprecedented and unmanaged cyber risk.

The self-reported data is drawn from a commissioned study of more than 1,300 security leaders, business executives and remote employees worldwide, including 168 respondents in the U.K.. The study, Beyond Boundaries: The Future of Cybersecurity in the New World of Work, was conducted in April 2021 by Forrester Consulting on behalf of Tenable. 

Introducing a hybrid working model is complex

The move to a hybrid work model required three significant shifts, all of which served to atomize the attack surface:

  1. Dissolving traditional workplace perimeters and providing technology that enables employees to work from anywhere

  2. Moving business-critical functions to the cloud 

  3. Rapidly expanding the software supply chain with new tools for collaboration, communication and productivity.


This reality has seen the corporate attack surface explode, with many organisations still struggling to understand and address the risks introduced.

A hybrid worker could be in the corporate office one day and the next they're connecting remotely via home routers or WiFi hotspots. While 57% of U.K. security leaders say they have high or complete visibility of remote employer-provisioned devices, only 33% have a similar level of visibility into employee-owned devices. 

As part of changes made in response to the pandemic, 46% of U.K. organisations moved business-critical functions to the cloud, including accounting and finance (42%) and human resources (33%). But when asked about the increased risks, 80% of U.K. respondents believe their organisation is more exposed as a result. Equally concerning, 58% of U.K. respondents attributed at least one cyberattack to third-party software vendor compromise in the last 12 months.

Despite the wide support of hybrid and remote work models, less than half (48%) of U.K. security and business leaders feel they're adequately prepared, from a security standpoint, to support the new world of work. In fact, 78% believe their organisation is more exposed to risks as a result.

Attackers are taking advantage

The concern from corporate leaders is certainly warranted. The study found that 90% of U.K. organisations experienced a business-impacting cyberattack* in the last 12 months, with 51% falling victim to three or more. When looking at the focus of these attacks:

  • 72% resulted from vulnerabilities in systems and/or applications put in place in response to the pandemic

  • 68% targeted remote workers or those working from home

  • 63% involved an unmanaged personal device used in a remote work environment

  • 51% resulted from VPN flaws or misconfigurations

  • 51% involved cloud assets 


The impact to organisations is far from trivial as 36% said they'd suffered a ransomware attack while 33% reported the attacks resulted in a data breach.

We need to change the way we're thinking about risk

Hybrid work models and a digital-first economy have brought cybersecurity front and centre as a critical investment that can make or break short- and long-term business strategies. To address this demand, 75% of U.K. security leaders plan to increase their network security investments over the next 12 to 24 months; 73% will increase spend on cloud security while 66% plan to spend more on vulnerability management.

The new world of work has shattered the corporate network, forcing a move away from perimeter-based security architectures. Organisations need the ability to see into the entirety of the attack surface — on-premises and in the cloud. In tandem, they need to determine where vulnerabilities exist and the impact if exploited. 

Another key focus is Active Directory; the dissolution of traditional perimeters makes the configuration and management of user privileges and access more critical than ever before. Building adaptive user risk profiles — based on changing conditions, behaviours or locations — means the organisation can continuously monitor and verify every attempt to access corporate data before granting or revoking the request.

This provides the security team with visibility of their entire threat landscape, the intelligence to predict which cyberthreats will have the greatest business impact, and controls to address the risks introduced by the new world of work. 

If cybersecurity strategies fail to keep pace with business changes, today's risk could become tomorrow's reality.

*A business-impacting cyberattack is one which results in one or more of the following outcomes: loss of customer, employee, or other confidential data; interruption of day-to-day operations; ransomware payout; financial loss or theft; and/or theft of intellectual property.

View more study highlights here

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

Try for Free Buy Now
Tenable.io FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.