Perfect storm of cybersecurity risks threatens the hybrid workplace
HP Wolf Security report shines light on rise of new ‘Shadow IT’ and increase in phishing-driven compromises
PALO ALTO, Calif., Oct. 28, 2021 (GLOBE NEWSWIRE) -- HP Inc. (NYSE: HPQ) today released its latest HP Wolf Security report: Out of Sight & Out of Mind, a comprehensive global study highlighting how the rise of hybrid work is changing user behavior and creating new cybersecurity challenges for IT departments.
The research shows that a growing number of users are buying and connecting unsanctioned devices outside of IT’s purview. It also highlights that threat levels are rising, with attackers increasingly successful at bypassing defenses and tricking users into initiating attacks through phishing. All of this is making IT support more complex, time-consuming, and costly than ever.
The report combines data from a global YouGov online survey of 8,443 office workers who shifted to Working from Home (WFH) during the pandemic, and a global survey of 1,100 IT decision makers conducted by Toluna. Key findings include:
- New Shadow IT buying and installing endpoints with security out of mind: ‘Shadow IT’ typically refers to non-IT departments deploying software beyond the purview of IT. This shadow is now spreading, with individuals procuring and connecting devices without being checked by IT.
45% of office workers surveyed purchased IT equipment (such as printers and PCs) to support home working in the past year. However,68% said security wasn’t a major consideration in their purchasing decision, while43% didn’t have their new laptop or PC checked or installed by IT, and50% said the same of their new printer. - Phishing becoming increasingly successful:
74% of IT teams have seen a rise in the number of employees opening malicious phishing links or attachments on emails in the last 12-months.40% of office workers surveyed aged 18-to-24 have clicked on a malicious email with almost half (49% ) saying they have done so more often since working from home. Of office workers that clicked or nearly clicked a link,70% didn’t report it to IT –24% didn’t think it was important,20% cited the “hassle factor”, while12% had a fear of reprisal or being punished. - Increase in devices being compromised fuels growth in rebuild rates:
79% of IT teams report rebuild rates increased during the pandemic. Rebuild rates directly correlate to the number of endpoints that require wiping and reimaging because they have been compromised, which implies more attackers are successfully breaching outer defenses. The real figure could be higher still:80% of IT teams worry that employee devices might be compromised and they don’t know about it.
"People often don't know if they have clicked on something malicious, so the real numbers are likely much higher," comments Ian Pratt, Global Head of Security for Personal Systems, HP Inc. "Threat actors don't always announce themselves, as playing the 'long game' to move laterally and infiltrate higher-value infrastructure has proven to be more lucrative. For example, by using cloud backups to exfiltrate sensitive data in bulk, encrypting data on servers, then demanding a multi-million-dollar ransom.”
Pratt continues: "It shouldn't be this easy for an attacker to get a foothold - clicking on an email attachment should not come with that level of risk. By isolating and containing the threat you can mitigate any harmful impact, preventing persistence and lateral movement."
The increasing unmanageability of IT security support
With threats rising, it’s becoming more difficult for IT teams to deliver security support.
65% of IT teams said that patching endpoint devices is more time-consuming and difficult due to the mass shift to home working, while64% said the same of provisioning and onboarding new starters with secure devices.- As a result, IT teams estimate the cost of IT support in relation to security has risen by
52% in the last 12-months. 83% of IT teams said the pandemic has put even more strain on IT support because of home worker security problems, while77% of IT teams say homeworking is making their job much harder and that they fear teams will burnout and consider quitting.
“As IT continues to grow in complexity, security support is becoming unmanageable,” Pratt concludes. "For hybrid working to be a success, IT security teams need to be freed from spending hours provisioning and fielding user access requests so they can focus on tasks that add value. We need a new security architecture that not only protects against known and unknown threats, but that helps to reduce the burden to liberate cybersecurity teams and users alike. By applying the principles of Zero Trust, organizations can design resilient defenses to keep the business safe and recover quickly in the event of a compromise.”
HP is helping organizations to secure the hybrid workplace by delivering endpoint security that provides teams with greater visibility and management tools. With HP Wolf Security1 organizations benefit from robust, built-in protection from the silicon to the cloud, and BIOS to browser. HP Wolf Security provides the ideal support for securing the hybrid workplace – for example HP Sure Click Enterprise2 reduces the attack surface by rendering malware, delivered via email, browser or downloads, harmless through threat containment and isolation. HP Wolf Security enables teams to deliver defense-in-depth and enhanced protection, privacy, and threat intelligence, gathering data at the endpoint to help protect the business at large.
About the research
The HP Wolf Security Out of Sight and Out of Mind report is based on findings from:
- A Toluna survey of 1,100 IT decision makers in the UK, the US, Canada, Mexico, Germany, Australia, and Japan. Fieldwork was undertaken between 19th March - 6th April 2021. The survey was carried out online.
- A YouGov survey of 8,443 adults in the US, the UK, Mexico, Germany, Australia, Canada, and Japan who used to be office workers, and worked from home the same amount or more than before the pandemic. Fieldwork was undertaken between 17th - 25th March 2021. The survey was carried out online.
About HP
HP Inc. creates technology that makes life better for everyone, everywhere. Through our product and service portfolio of personal systems, printers, and 3D printing solutions, we engineer experiences that amaze. More information about HP Inc. is available at http://www.hp.com.
About HP Wolf Security
From the maker of the world’s most secure PCs3 and Printers4, HP Wolf Security is a new breed of endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services.
Media Contact
Vanessa Godsal
©Copyright 2021 HP Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
1 HP Security is now HP Wolf Security. Security features vary by platform, please see product data sheet for details.
2 HP Sure Click Enterprise is sold separately and requires Windows 8 or 10 and Microsoft Internet Explorer, Google Chrome, Chromium or Mozilla Firefox and new Edge are supported. Supported attachments include Microsoft Office (Word, Excel, PowerPoint) and PDF files, when Microsoft Office or Adobe Acrobat are installed.
3 Based on HP’s unique and comprehensive security capabilities at no additional cost among vendors on HP Elite PCs with Windows and 8th Gen and higher Intel® processors or AMD Ryzen™ 4000 processors and higher; HP ProDesk 600 G6 with Intel® 10th Gen and higher processors; and HP ProBook 600 with AMD Ryzen™ 4000 or Intel® 11th Gen processors and higher.
4 HP’s most advanced embedded security features are available on HP Enterprise and HP Managed devices with HP FutureSmart firmware 4.5 or above. Claim based on HP review of 2021 published features of competitive in-class printers. Only HP offers a combination of security features to automatically detect, stop, and recover from attacks with a self-healing reboot, in alignment with NIST SP 800-193 guidelines for device cyber resiliency. For a list of compatible products, visit: hp.com/go/PrintersThatProtect. For more information, visit: hp.com/go/PrinterSecurityClaims.