HP Inc.’s latest Wolf Security global report says cybersecurity threat levels are rising as scammers become increasingly successful at bypassing defences and tricking users.
(image: HP Wolf Security) |
The HP Wolf Security report, Out of Sight & Out of Mind, is a global study highlighting how the rise of hybrid work is changing user behaviour and creating new cybersecurity challenges.
“The research shows a growing number of users are buying and connecting unsanctioned devices outside of IT’s purview,” the report said. “It also highlights that threat levels are rising, with attackers increasingly successful at bypassing defences and tricking users into initiating attacks through phishing.
"Threat actors don't always announce themselves": Ian Pratt, HP Inc |
"People often don't know if they have clicked on something malicious so the real numbers are likely much higher," said Ian Pratt, global head of security for personal systems, HP Inc. "Threat actors don't always announce themselves, as playing the 'long game' to move laterally and infiltrate higher-value infrastructure has proven to be more lucrative. For example, by using cloud backups to exfiltrate sensitive data in bulk, encrypting data on servers, then demanding a multi-million-dollar ransom.
"It shouldn't be this easy for an attacker to get a foothold - clicking on an email attachment should not come with that level of risk. By isolating and containing the threat you can mitigate any harmful impact, preventing persistence and lateral movement."
The report combines data from a global YouGov online survey of 8,443 office workers in the US, the UK, Mexico, Germany, Australia, Canada, and Japan who shifted to working from home during the pandemic, and a global survey of 1,100 IT decision makers.
Key findings include:
New Shadow IT buying and installing endpoints with security out of mind:
‘Shadow IT’ typically refers to non-IT departments deploying software beyond the purview of IT. This shadow is now spreading, with individuals procuring and connecting devices without being checked by IT. 45% of office workers surveyed purchased IT equipment (such as printers and PCs) to support home working in the past year. However, 68% said security wasn’t a major consideration in their purchasing decision, while 43% didn’t have their new laptop or PC checked or installed by IT, and 50% said the same of their new printer.
Phishing becoming increasingly successful:
74% of IT teams have seen a rise in the number of employees opening malicious phishing links or attachments on emails in the last 12-months. 40% of office workers surveyed aged 18-to-24 have clicked on a malicious email with almost half (49%) saying they have done so more often since working from home. Of office workers that clicked or nearly clicked a link, 70% didn’t report it to IT – 24% didn’t think it was important, 20% cited the “hassle factor”, while 12% had a fear of reprisal or being punished.
Increase in devices being compromised fuels growth in rebuild rates:
79% of IT teams report rebuild rates increased during the pandemic. Rebuild rates directly correlate to the number of endpoints that require wiping and reimaging because they have been compromised, which implies more attackers are successfully breaching outer defences. The real figure could be higher still: 80% of IT teams worry that employee devices might be compromised and they don’t know about it.
“As IT continues to grow in complexity, security support is becoming unmanageable,” Pratt said. "For hybrid working to be a success, IT security teams need to be freed from spending hours provisioning and fielding user access requests so they can focus on tasks that add value. We need a new security architecture that not only protects against known and unknown threats, but that helps to reduce the burden to liberate cybersecurity teams and users alike. By applying the principles of Zero Trust, organizations can design resilient defences to keep the business safe and recover quickly in the event of a compromise.”
An HP press release added: “HP is helping organizations to secure the hybrid workplace by delivering endpoint security that provides teams with greater visibility and management tools. With HP Wolf Security, organizations benefit from robust, built-in protection from the silicon to the cloud, and BIOS to browser. HP Wolf Security provides the ideal support for securing the hybrid workplace – for example HP Sure Click Enterprise reduces the attack surface by rendering malware, delivered via email, browser or downloads, harmless through threat containment and isolation. HP Wolf Security enables teams to deliver defense-in-depth and enhanced protection, privacy, and threat intelligence, gathering data at the endpoint to help protect the business at large.”