Nearly All UK Enterprises Encountered Cyber Intrusions in the Past Year

A survey has found that nearly all companies with more than 2,000 employees fell victim to cyber attackers over the last 12 months. The primary weak point, cited by 46%, was remote and hybrid staff.

Exposure to data breaches grows when dispersed workforces rely on unsecured networks and personal devices. Managing security measures across multiple sites while controlling access poses significant challenges for IT teams.

“When policies lack consistency, they can create vulnerabilities that attackers can exploit,” Stephen Amstutz, the Innovation Director at Xalient, told TechRepublic in an email.

For instance, in January, the Volt Typhoon cybercriminal gang carried out botnet attacks on critical infrastructure firms in the U.S. after compromising numerous small office and home office routers. Most of these routers had reached end of life and were personal devices outside the oversight of IT teams.

Inconsistent security standards and obsolete infrastructure are pivotal factors

The report “Deliberating on Future-proofing Your Network in 2025 and Beyond” discloses the extent of security breaches within UK businesses, with 85% acknowledging the exploitability of emerging threats. Xalient, an IT consultancy, surveyed 250 leaders in IT, networking, and security from organizations with 2,000 employees or more across the nation. Ninety-nine percent had encountered a security breach within the past year.

Per the report:

  • 46% identified remote and hybrid staff as the predominant cause of the cyber attacks their companies faced over the last year.
  • 37% attributed the problem to mobile staff.
  • 39% held branch or subsidiary operations accountable.

Inconsistent security standards or dated third-party infrastructure can turn these parts of the business into weak links. For example, in June, the exploitation of the MOVEit file transfer app by the Clop ransomware gang had substantial repercussions. The software was widely used by U.S. and European entities, which enabled the attackers to steal sensitive data and extort victims for ransom. The initial breach was made possible by a SQL injection flaw in the MOVEit tool.

However, breaches are not triggered solely by technical issues. Nearly 80% of respondents said that recruiting and retaining specialized security personnel was a significant hurdle. This is consistent with data from June that underscored the shortage of technical skills in the UK compared with other European nations.

The prevalence of “skills-shortage vacancies,” where positions remain unfilled due to insufficient skills, credentials, or expertise among applicants, is notably high in the UK’s information and communications sector. The percentage rose from 25% in 2017 to 43% in 2022, the latest year for available data.

The researchers at Xalient also probed UK participants about the types of security lapses enabling network exploitation: 42% grappled with the complexities of threat detection and ransomware protection — surpassing the global average by 4%.

Additionally, 40% mentioned the challenges in enforcing consistent risk-mitigating policies due to their vulnerable network structure. Amstutz specified that insecure networks are a consequence of the transition to remote work.

He informed TechRepublic, “Traditional network designs operated under the assumption that users were in corporate premises with applications residing in centralized headquarters or data centers. Remote users and cloud applications were exceptions.

“As we adapted to these paradigm shifts, the focus leaned more towards a cloud-first strategy and remote work, with network adaptations often occurring inconsistently, molded by specific project implementations.”

Another 30% of participants pointed to their compartmentalized technology stack, which makes unified threat intelligence collection difficult. “Even though most system components are increasingly compatible through APIs, cohesive observability systems to synchronize these distinct data sources are not consistently implemented,” said Amstutz. “Moreover, the teams managing these environments are usually siloed and may lack the time or expertise in adjacent technologies.

“Each of these challenges serves as a potential attack vector, with cyber threats growing increasingly sophisticated as threat actors exploit innovative technologies like generative AI. This technology enhances not only social engineering tactics but also enables user or group impersonation.”

Remote Workforces and Secure Access Service Edge Adoption

SASE is a cloud-centric framework that merges network security and wide-area networking capabilities to securely connect users with applications and data regardless of their location. It is an appealing model for dispersed workforces compared with a patchwork of separate firewalls, VPNs, and other tools.

Amstutz told TechRepublic: “SASE provides a uniform approach ensuring that policies align with user location, device posture, and data confidentiality.”

When UK businesses were asked about their stance on SASE and whether their security challenges were pushing them towards adopting it, only 8% said they were embracing SASE to secure remote access, below the global average of 14%.

The top three factors, each cited by 14% of respondents, were:

  • The escalating costs of conventional networking systems.
  • Operational glitches with critical SaaS applications.
  • Initiatives to transition away from legacy VPNs.

“The financial implications of traditional networking infrastructures and outdated systems are more pronounced in the UK compared to other regions,” the authors emphasized in a release. European entities usually focus on established technologies, which positions the region as technologically lagging, especially when compared with the U.S.

The primary advantage of SASE adoption for UK firms, cited by 35% of respondents, was the enhanced functionality of mission-critical SaaS applications. Enhancing remote access security followed closely at 30%.

UK entities showed a preference for implementing Security Service Edge (SSE) first, followed by SD-WAN, with the report’s authors positing that “the large volume of remote workforce and the necessity to retire legacy tech might be steering this approach.”
