Acronis: Companies Lack Endpoint Security Amid Remote-Work Challenges

New research by Acronis shows organizations continue to struggle to protect their data and infrastructure against new remote-work challenges.

For its 2020 Cyber Readiness Report, Acronis surveyed 3,400 companies and remote workers from around the world during June and July.

Almost all (92%) companies said they had to adopt new technologies to accommodate remote-work challenges. That includes workplace collaboration tools, privacy solutions and endpoint cybersecurity.

Candid Wuest is Acronis‘ vice president of cyber protect research. He said it’s surprising that only 2% of companies are prioritizing a URL filtering feature while phishing attacks escalate.

Acronis’ Candid Wuest

“[This] means that most organizations are building their security protocols on compliance rather than actual real-life industry needs,” he said. “And only one out of five companies managed to keep its IT costs unchanged.”

Another surprise was 39% of companies suffered videoconferencing attacks. A big reason for this is no built-in video conferencing protection tools.

“The massive videoconferencing platform adoption was too abrupt, [with] users ignoring basic security features (available on Zoom, but not activated – like password protection, waiting rooms, authenticated access),” Wuest said.

Malicious hackers tried to attack 31% of global companies at least once a day during the pandemic, according to Acronis.

Additional Costs

Companies in the United States, Singapore, India and United Arab Emirates reported the most significant IT cost increases. Nearly half (47%) of U.S. companies report significant cost increases compared to the global average of 27%.

Additional costs came from new devices and infrastructure upgrades, Wuest said. Other added expenses are collaboration software and securing employees’ home networks.

One in three (35%) companies reported more new devices connecting to their corporate networks in the past three months. Countries with the most new devices are the U.S., India, Singapore and Sweden.

“The report shows that IT managers are struggling the most with adequately instructing employees on remote work and securing remote workers,” Wuest said. “Troubles with securing remote workers and ensuring the availability of internal corporate apps are both caused by low cyber awareness among employees.”

An automated policy application can help here, he said. Moreover, policies should not rely on employees’ cooperation only. Automated enforcement reduces the risk of employees violating them willingly. It also protects the company from their honest mistakes.

“In general, the lack of endpoint controls and numerous unmanaged, unprotected devices that get connected to the internal network – with no defense in depth (DiD) implemented – it becomes too easy to compromise the organization, creating a challenge for MSSPs,” Wuest said.