Tenable ブログ
ブログ通知を受信する
ブラジルでの注目事項: リモートワークには新しいリスク管理が必須
Remote work is here to stay — along with the risks it introduces to Brazilian organizations, if not managed properly. 大切なポイントをご紹介します。
The pandemic forced many Brazilian organizations to shift employees from working largely in offices to entirely remote in the blink of an eye. Technology was the enabler of this fast-paced change, but not without consequences.
The attack surface has expanded, bringing new and unmanaged cyber risk. In fact, six out of 10 Brazilian leaders said the number of business-impacting* cyberattacks increased with the pandemic and 75% attributed recent business-impacting cyberattacks to vulnerabilities in technology implemented in response to the pandemic.
The self-reported data is drawn from a commissioned study of more than 1,300 security leaders, business executives and remote employees worldwide, including 118 respondents in Brazil. 「境界を超える:The Future of Cybersecurity in the New World of Work, was conducted by Forrester Consulting on behalf of Tenable in April 2021.
Remote work introduces new business risks
The move to a hybrid work model in Brazil required three significant shifts, all of which served to atomize the attack surface:
- Dissolving traditional workplace perimeters and providing technology that enables employees to work from anywhere
- クラウドに最重要機能を移行したこと
- Rapidly expanding the software supply chain with new tools for collaboration, communication and productivity
Today, 78% of Brazilian organizations have adopted remote work, with 83% planning to make it permanent in the next 1-2 years; 7% have already made the transition. These changes present significant challenges for security teams as the corporate attack surface expands. Eighty-two percent of remote workers in Brazil have six or more devices connected to their home networks, and many admit to using a personal device to access customer data (55%) and financial records (38%). What's more, 64% of security leaders say employees lack awareness of the available measures to secure home networks and personal devices. The majority of business and security leaders (59%) lack visibility into employee security practices.
As part of this new world of work, business functions are now cloud based. Today 69% of Brazilian organizations moved business-critical functions to the cloud and 82% moved non-business-critical functions. Yet, 97% of business and security leaders believe moving business critical functions to the cloud has increased their organizations' cyber risk.
Expanding the use of third-party software and other services also played a major role in enabling remote work while introducing new risk. More than three-quarters (78%) of Brazilian companies expanded their software supply chain and 76% enhanced existing digital platforms and services to meet changing customer needs. But the majority of business and security leaders in Brazil believe the expanded software supply chain (56%) and the creation of new digital platforms (64%) exposed them to more risk.
Unsurprisingly, 84% of Brazilian executives raised concerns that remote work increased their cyber risk.
Attackers capitalize on workforce changes
Executives' concerns are certainly warranted: the study found that cybercriminals overwhelmingly took advantage of the technology changes that facilitated remote work in Brazil. In fact, 92% of Brazilian organizations experienced a business-impacting cyberattack in the last 12 months.
When looking at the focus of these attacks:
- 72% of business and security leaders say the attacks targeted remote workers
- 66% report they involved an unmanaged personal device used in a remote work environment
- 59% say they involved cloud assets
- 43% cited VPN flaws or misconfigurations as the cause
- 41% report the attacks resulted from home router flaws or misconfiguration.
Securing the new world of work
The new world of work that combines in-office and remote work is here to stay. As a result, security and business leaders are turning their eyes forward and planning to increase investments to fill those gaps. In the next 1-2 years, leaders said the focus will be cloud-based productivity tools (83%), data security (80%) and vulnerability management (78%) solutions.
Securing the new world of work requires a new mindset. It's crucial that organizations gain a holistic view of their risk profile and re-evaluate their cybersecurity strategies to align with the new realities of the modern workplace and ensure businesses aren't left vulnerable.
サイバーセキュリティ戦略が、事業の変化に追随できないと、今日のリスクが明日は現実になります。
* 「ビジネスに悪影響を与える」とはサイバー攻撃またはセキュリティの侵害によって生じる顧客、従業員、その他の機密データの損失、操業の中止、ランサムウェアによって発生した支払い、財務上の損失または窃盗、知的財産の窃盗や損失に関する状況を指します。
関連記事
Cybersecurity Snapshot: CISA Shines Light on Cloud Security and on Hybrid IAM Systems’ Integration
March 15, 2024Check out CISA’s latest best practices for protecting cloud environments, and for securely integrating on-prem and cloud IAM systems. Plus, catch up on the ongoing Midnight Blizzard attack against Microsoft. And don’t miss the latest CIS Benchmarks. And much more!
Poor Identity Hygiene at Root of Nation-State Attack Against Microsoft
February 1, 2024The latest breach suffered by Microsoft shows once again that detection and response are not enough. Because the source of an attack almost always boils down to a single overlooked user and permission, it’s critical for organizations to have strong preventive security.
Cybersecurity Snapshot: What’s in Store for 2024 in Cyberland? Check Out Tenable Experts’ Predictions for OT Security, AI, Cloud Security, IAM and more
December 29, 2023The new year is upon us, and so we ponder the question: What cybersecurity trends will shape 2024? To find out, we asked Tenable experts to read the tea leaves. Their 2024 forecasts include: A bigger security role for cloud architects; a focus by ransomware gangs on OT systems in critical industries; an intensification of IAM attacks; and much more!
Cybersecurity Snapshot: Apply Zero Trust to Critical Infrastructure’s OT/ICS, CSA Advises, as Five Eyes Spotlight Tech Startups’ Security
November 1, 2024Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.
FY 2024 State and Local Cybersecurity Grant Program Adds CISA KEV as a Performance Measure
October 31, 2024The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.
Cybersecurity Snapshot: New Guides Offer Best Practices for Preventing Shadow AI and for Deploying Secure Software Updates
October 25, 2024Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.
- Active Directory
- Cloud
- Executive Management
- BYOD
- Remote Workforce
- Reports
- Risk-based Vulnerability Management
- Shadow IT
- Threat Management
- Vulnerability Management
- Vulnerability Scanning