Aug. 24, 2020, 2:30 p.m.
But a new survey of 200 IT professionals by Malwarebytes indicates respondents may be suffering from “security hubris,” based on the cyber attacks it’s seen since the quarantine hit.
You might think Malwarebytes reports would stick to topics such as cyber threats (and many do). But the firm recently did an extended survey with “more than 200 managers, directors, and C-suite executives in IT and cybersecurity roles at companies across the US” to see how they felt about making the COVID-19-forced switch to working from home.
The results, on the surface, seem great, as you can see above in the top bullet point. More than 73 percent of those surveyed said their organizations earned a 7 out of 10 or higher for preparedness to switch to WFH.
The rest of those bullets, however, aren’t great. 45 percent didn’t check their software use to make sure it was secure for WFH, and 44 percent said they didn’t do any training (which means, thankfully, 56 percent did). Though 61 percent handed out devices for employees to use at home, the majority didn’t deploy new antivirus or even ask employees to install their own antivirus products.
The managers/directors/execs in the survey mostly seem to think that not much changed security-wise, with almost a third claiming they were just as secure at home as in the office. Malwarebytes attributes this to a few possibilities, such as the feeling of security they get from being decentralized. But the company adds that the sudden transition to WFH “has already created opportunities for more attacks.”
Malwarebytes can back that up with telemetry from their own security software, which has seen an increase in cyberattacks since March 2020. Most of the bad actors out there are also on lockdown, though, and thus forced to use older, commercially available malware families to pull off their schemes, making them easier to detect. The bad new? The bad guys are also adjusting to the new WFH reality. Naturally, using COVID-19 fears to do some malicious social engineering is way up on the list.
Which brings us to the excessive pride of the survey takers. The conflicting conclusions in their own data—isn’t it obvious that a remote workforce wouldn’t have the same security level as a controlled office setting?—has Malwarebytes stating that “security hubris” is the hidden modifier. It’s why the WFH model seems to be so rosy with such a high number of respondents. Only 6.9 percent of respondents actually believe they’re less secure with a workforce that’s at home.
Likewise, they rate their own employees’ awareness of cybersecurity issues very highly. Only 5.4 percent said employees tend to be “oblivious and risky.”
the full report from Malwarebytes.