Time for organizations to tighten or even ban access from unregistered devices, as data from one global survey suggests

Based on an Aug/Sep 2022 online survey across 27 markets comprising 6,700 business and IT leaders with cybersecurity responsibilities at organizations with up to 1,000 employees, one cybersecurity firm has concluded that hybrid-working trends have resulted in a substantial increase in the use of unregistered devices by employees to access work platforms, adding new security challenges for IT teams across the world.

This risk scenario is further complicated by employees logging into work from multiple networks across their homes, neighborhood amenities and even supermarkets. Some respondents in Singapore noted that employees used two to five different networks for logging into work.

The use of unregistered devices (that is, devices not registered for access to a corporate network and continually certified safe by IT departments) is adding a new layer of challenge for security professionals as they tackle complexities in the current threat landscape. Some cyber findings include:

    • Of those respondents that had indicated a cybersecurity incident occurred in their organization in the past 12 months, the top three types of attacks were malware, phishing, and distributed denial of service attacks, costing US$100,000 to US$500,000 in damages globally.
    • Of security leaders in the survey who recognized the risk, many expected their organization to increase their cybersecurity budget by more than 10% over the next year, and many expected upgrades to their IT infrastructure in the next 12 to 24 months.

According to Juan Huat Koo, Director, Cybersecurity, Cisco (ASEAN), the firm that commissioned the survey: “To make hybrid work truly successful in the long run, organizations need to protect their business with security resilience. This includes establishing visibility on their networks, users, endpoints, and applications to acquire insights into access behavior (patterns), leveraging these insights to detect threats, and harnessing threat intelligence to respond against them on-premises or in the cloud.”