New research released from ThreatX reveals that IT teams are struggling
to monitor and enforce BYOD (Bring Your Own Device) policies during
summer months, when more employees are often traveling or working
remotely. With more endpoints and applications in use, many of them
personal rather than corporate-issued, the risk to corporate data may
increase. Given that APIs are the driving force behind these
connections, the study reinforces the need to prioritize API and
application security.
ThreatX surveyed 2,000 consumers across the US and UK to assess whether
employees' behaviors during the summer are inadvertently increasing API
and application risk. More than half (55%) of employees admit to relying
solely on their mobile devices while working from vacation and holiday
destinations in the summer. Further, 25% claim that they aren't
concerned about ensuring network connections are secure when accessing
company data, and only 12% use a VPN when traveling and working
remotely.
The results show that employees increasingly rely on personal devices to
access corporate data during the summer, which could open the door to
cyber criminals seeking to penetrate corporate networks. And with 38% of
respondents neglecting to notify their employers when working from new
locations while traveling, it becomes harder for IT teams to monitor
BYOD policies and application usage.
"The summer months lead to increased cybersecurity risks as employees'
behaviors shift and as cyber hygiene becomes laxer. Factors such as
increased remote work and travel, and even employees' children using
parents' devices to browse the internet and play games, all can
potentially expose corporate data through attacked APIs," said Jeremy
Ventura, Director, Security Strategy & Field CISO at ThreatX. "To
avoid this, it's important organizations strengthen the visibility and
security by tracking, monitoring, and uncovering vulnerable API and
applications."
The report also presents several notable findings:
- Younger employees are most likely to use mobile devices for work: when
  traveling or working remotely, 67% of Millennial employees (compared to
  55% overall) said they depend on their personal mobile devices to work.
  This signals that the younger generations, who make up the largest
  percentage of today's workforce, are increasingly relying on their
  personal mobile devices to work, which poses more risk to an
  organization's security.
- Organizations need summer security trainings: 45% of employees in
  the US and UK said no specific measures to educate and remind employees
  on security best practices are taken during the summer, with only 24%
  of UK respondents receiving access to online cybersecurity trainings and
  guides and even fewer (17%) in the US.
- US and UK employees have very similar summer behaviors: both
  admitted to using public or local WiFi or cellular data most (51% in US,
  47% in UK) when working from different locations, and both were only
  somewhat concerned about the security risks of doing so when accessing
  corporate data (34% in US, 36% in UK).
The findings from ThreatX's survey highlight a cybersecurity gap with
potentially harmful ramifications during summer work months. The
zero-day attack on Zellis by way of the MOVEit file transfer tool
over Memorial Day Weekend is just one example of the ways in which bad
actors attack organizations during holiday and summer months as security
resources soften. Enterprises need to prevent future breaches via
vulnerable APIs by implementing enhanced security measures: deploying
always-on threat monitoring for suspicious activity and developing a
regularly updated security best practice guide that instills a
heightened awareness of threats during summer months.