A Sophos study shows: The number of security incidents caused by home office increased in just under half of the companies surveyed in Germany. At the same time, however, the effort and costs for IT security increased - and thus possibly also protection against cyber criminals.
With the beginning of the corona pandemic, companies made it possible for their employees to work from home and work on the move. The number of cyber attacks has demonstrably increased during this time, and there have been many indications that this was due in particular to this short-term, organized, decentralized way of working by employees. At least this is what most reports on this topic suggest. Sophos wanted to know whether and how the connection between home office and increased security incidents is.
Be 50 percent fewer security incidents
In a separate Sophos study, decision-makers from companies from various industries and of different sizes in Germany were asked whether they had recorded a higher number of cyberattacks, how large the increase was and whether these were directly related to the work of the employees is.
The (surprising) result: The effects of working from home were apparently not as bad as assumed. At least in terms of the number of security incidents. But if you look at costs, work intensity and effort, a different picture emerges.
Home office: Spam and phishing remain the front runners
The companies in Germany surveyed in the study confirmed that although more security incidents had to be registered and processed by the IT teams, the numbers were far fewer than would have been expected given the increased number of cyberattacks. Only 12 percent of those responsible for IT recorded a significant increase in security incidents, while 30 percent saw only a slight increase.
The total of 42 percent who had to deal with more security incidents than before the home office rule was opposed to a total of 48 percent who said: Everything as usual, the number of incidents remained constant. And even less security-relevant incidents were registered in 10 percent of the companies surveyed. As for the incidents themselves, by far the most cited causes were spam (77 percent) and phishing attacks (59 percent).
Against the background of different headlines, this small increase seems surprising - but another aspect could possibly be responsible for this, which was also decisive in the context of home office regulations:
IT security costs higher, complexity increased
If the presumed explosive increase in security incidents did not occur, the challenges and effects became clear elsewhere. 60 percent of the companies state that the cost of IT security increased during the home office time caused by the pandemic, and another 7 percent even confirm that the costs have exploded.
For most of the IT teams, the distributed structures resulting from the mobile work of the employees primarily had an impact on the content and workload of their work. Only just under a third (27 percent) of the companies surveyed stated that the effort and tasks involved in IT security had remained unchanged as a result of the new situation. New areas of responsibility were added to 31,5 percent, 17,5 percent recorded a higher level of intensity in completing their tasks and 24,5 percent stated that they had both been significantly more busy and faced new challenges. The latter is confirmed in particular by companies from the banking and insurance sectors. All of this could indicate that the widespread absence of the boom was also due to the costs invested and the additional effort. Was it simply better protected?
Technology solutions popular with companies
In those areas where security incidents increased, slightly more than half of the companies surveyed resolved them internally with their own IT team, while 26,5 percent made use of the support of external IT service providers. With 36 percent of all respondents, new technology solutions, e.g. with intuitive administration, were used in the home office situation, four percent made use of Security-as-aService.
About the survey: It was conducted by Techconsult on behalf of Sophos in early October. 200 company representatives from small, medium-sized and large companies from industry, banking and insurance, services, trade, telecommunications and utilities as well as non-profit organizations and public administration were surveyed.
More at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.