Hybrid workers are still causing major security headaches

(Image credit: Vektor Illustration/Shutterstock)

With the majority of business owners finding it more difficult to defend against cyber-threats compared to the pre-pandemic period, hybrid workers have once again been blamed for cybersecurity headaches. 

A new survey from endpoint management provider Tanium  found that employees are the “main cause” of avoidable security incidents. 

More precisely - employees clicking on links and attachments sent in phishing emails.

Avoidable incidents

According to Tanium, more than half (54%) of the respondents have had their staff interact with malicious content sent via email, making it the most common facilitator of cyberattacks. In public sector organizations, 64% found avoidable security incidents caused this way. What’s more, 71% of business owners claim it’s more difficult to defend against threats, with the introduction of hybrid workers (following the pandemic).

The second-highest avoidable incident (50%) is security misconfiguration, including things like poor password hygiene, or employees outright failing to protect sensitive data with any form of credentials. 

Tanium also says that things would be a lot better if these firms had the right assets. The third most common avoidable incident is the lack of cybersecurity software that can prevent cyberattacks (47%). In fact, some companies fail to use even the most mainstream cybersecurity tools, it added. For example, only 19% use web vulnerability scanning, 17% use penetration testing software, and 11% have used packet sniffers for at least five years.

Going forward, most organizations will look to defend themselves by investing in threat detection and endpoint security a bit more. Almost half (49%) will focus on threat detection next year, while just slightly less (46%) will focus on endpoint security. Finally, the third-highest area of planned investment is in data recovery and backup tools (45%).

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.