Hybrid workers are still causing major security headaches

Hybrid workers are still interacting with phishing emails, report warns

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

With the majority of business owners finding it more difficult to defend against cyber-threats compared to the pre-pandemic period,hybrid workershave once again been blamed for cybersecurity headaches.

A new survey fromendpointmanagement provider Tanium  found that employees are the “main cause” of avoidable security incidents.

More precisely - employees clicking on links and attachments sent in phishing emails.

Avoidable incidents

According to Tanium, more than half (54%) of the respondents have had their staff interact with malicious content sent via email, making it the most common facilitator of cyberattacks. In public sector organizations, 64% found avoidable security incidents caused this way. What’s more, 71% of business owners claim it’s more difficult to defend against threats, with the introduction of hybrid workers (following the pandemic).

The second-highest avoidable incident (50%) is security misconfiguration, including things like poor password hygiene, or employees outright failing to protect sensitive data with any form of credentials.

What is phishing and how dangerous is it?>Phishing attacks are getting more and more sophisticated>These are the best firewalls right now

Tanium also says that things would be a lot better if these firms had the right assets. The third most common avoidable incident is the lack of cybersecurity software that can prevent cyberattacks (47%). In fact, some companies fail to use even the most mainstream cybersecurity tools, it added. For example, only 19% use web vulnerability scanning, 17% use penetration testing software, and 11% have used packet sniffers for at least five years.

Going forward, most organizations will look to defend themselves by investing in threat detection and endpoint security a bit more. Almost half (49%) will focus on threat detection next year, while just slightly less (46%) will focus on endpoint security. Finally, the third-highest area of planned investment is in data recovery and backup tools (45%).

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics