Achieving a balance between productivity and security is even harder, given that most organizations do not have adequate visibility or control over what their employees are doing on corporate owned smartphones and laptops while outside the office. Even less so in the case of BYOD.
Do remote workers pose a greater cybersecurity risk than their counterparts at the office?
NetMotion recently aggregated a sample of anonymized network traffic data, searching specifically for evidence of users attempting to access flagged (or blocked) URLs, otherwise known as risky content. The analysis, which is derived from data gathered between May 30th – June 24th, 2020, revealed that employees clicked on 76,440 links that took them to potentially dangerous websites.
All of these sites were visited on work-assigned devices while using either home or public Wi-Fi or a cellular network connection. The data also revealed several primary risk categories, which were identified using machine learning and based on the reputation scores of over 750 million known domains, more than 4 billion IP addresses and in excess of 32 billion URLs. The assumption is that a large number of employees connected to protected internal (non-public) networks would have been prevented from accessing this risky content.
These are the key findings:
Employees, on average, encounter 8.5 risky URLs per day, or 59 per week
Remote workers also access around 31 malware sites per month, and 10 phishing domains. That equates to one malware site every day, and one phishing domain every 3 days
The most common types of high-risk URLs encountered, in order of prevalence, were botnets, malware sites, spam and adware, and phishing and fraud sites
Over a quarter of the high risk URLs visited by employees were related to botnets
Almost 1 in 5 risky links led to sites containing spam, adware or malware
Phishing and fraud, which garner an outsized proportion of news, account for only 4% of the URLs visited
The ‘other’ category, representing 51% of the data in the chart above, is made up of ‘low-severity’ risky content, such as websites that use proxies, translations and other methods that circumvent URL filtering or monitoring.
Achi Lewis, EMEA Director, NetMotion Software said: “As this research highlights, remote workers are frequently accessing risky content that would normally be blocked by firewalls and other security tools that monitor internal network traffic. Naturally, this poses an enormous threat to the enterprise. Added to this, many organizations have no visibility into the activity taking place on external networks, let alone any means to prevent it. With such a rapid shift to remote work, enterprise security teams have been left flat-footed, unable to adequately protect users in the face of increasingly sophisticated cyberattacks.”