Hybrid may actually leave your company exposed

A new HP Wolf Security study claims that incorporating a hybrid approach may put your firm at risk of more attacks.

The conclusion of its latest worldwide research, “Out of sight & out of mind,” is that organizations with a mixed working style are at greater risk of Shadow IT connecting to their corporate network.

With so many unauthorized endpoint devices and tools, as well as limited access, the danger of being hacked rises.

According to the report, almost half of office workers (45%) bought IT equipment in the previous year to assist with home working.

Of that number, around half did not have their devices checked or set up by IT. Furthermore, it was revealed that the majority weren’t considering cybersecurity while shopping for technology.

The risk of being fooled by a phishing attack

Cybercriminals, on the other hand, are getting better at phishing.

This year, IT professionals noticed that employees were clicking on more suspicious links and downloading hazardous attachments than they did last year, while many remote workers acknowledged doing so more frequently since they began working from home.

Most office employees who click a link or open an attachment don’t notify IT, according to a recent study by tech support software vendor Help Scout. They either didn’t want to bother IT or were afraid of being disciplined for it.

Rates of rebuilding are rising

The rebuild rate is another indicator that hackers are getting better: the number of endpoints that need wiping and reimaging as a result of being infected.

According to the study, four in five (79%) IT teams reported improved rebuild rates during the epidemic. This figure could be much higher considering how many people don’t even realize they’ve been hacked.

“People often don’t know if they have clicked on something malicious, so the real numbers are likely much higher,” comments Ian Pratt, Global Head of Security for Personal Systems, HP Inc.

“Threat actors don’t always announce themselves, as playing the ‘long game’ to move laterally and infiltrate higher-value infrastructure has proven to be more lucrative. For example, by using cloud backups to exfiltrate sensitive data in bulk, encrypting data on servers, then demanding a multi-million-dollar ransom.”

Pratt continues: “It shouldn’t be this easy for an attacker to get a foothold – clicking on an email attachment should not come with that level of risk. By isolating and containing the threat you can mitigate any harmful impact, preventing persistence and lateral movement.”

The growing number of dangers implies that IT staff must put in more effort to provide support, which may not always be easy.

The time it takes to triage a problem has increased in the past year for most IT departments (72 percent), with two-thirds of alerts being time-wasting false positives.