Tenable ブログ
ブログ通知を受信する
メキシコでの注目すべき事例: 新しい働き方を支える新しいサイバーセキュリティ対策が必要とされる
Embracing the new world of hybrid and remote work in Mexico has opened the door to new and unmanaged cyber risk. 大切なポイントをご紹介します。
The pandemic completely transformed the way most organizations work, and Mexico is no exception. At the beginning of 2020, hybrid and remote work models were far-off visions of the future at a time when only 16% of Mexican organizations had employees working remotely. By April 2021, eight out of 10 Mexican organizations had adopted remote work, with 71% planning to make it permanent in the next one to two years. Yet, 80% of security and business leaders have raised concerns that this new world of work creates increased risk.
The self-reported data is drawn from a commissioned study of more than 1,300 security leaders, business executives and remote employees worldwide, including 155 respondents in Mexico. 「境界を超える:The Future of Cybersecurity in the New World of Work, was conducted by Forrester Consulting on behalf of Tenable in April 2021.
Embracing new world of work brings new and unmanaged cyber risk
The rapid transition to facilitate remote work accelerated technology adoption. As a result, the attack surface has transformed with the adoption of new cloud-based solutions, alongside significant changes in the digital platforms and the software supply chain in order to improve collaboration, communication and productivity.
The vast majority (82%) of remote workers in Mexico have six or more devices connected to their home networks, and many admit to using a personal device to access customer data (59%) and financial records (40%). Six out of 10 security leaders said they lack visibility over remote employee home security practices.
Cloud-based solutions played a key role in enabling businesses continuity. Today, Mexican organizations have moved business-critical functions (77%) and non-business critical functions (90%) into the cloud.
Digital platforms and services are next. Almost half (47%) of Mexican organizations enhanced existing digital platforms, while 23% created new platforms in pandemic times. Looking to the future, 67% of security and business leaders said enhancing digital platforms will continue to be a priority.
The software supply chain also expanded as a result of the pandemic, according to 63% of respondents; another 14% expect to add new software over the next 12-24 months.
Attackers have also evolved
Attackers have capitalized on these workforce changes. Ninety-six percent of Mexican organizations experienced a business-impacting* cyberattack in the last 12 months, with 81% falling victim to four or more
When looking at the focus of these attacks:
- 74% resulted from vulnerabilities in systems and/or applications put in place in response to the pandemic
- 69% targeted remote workers or those working from home
- 59% resulted from a third-party software vendor compromise
- 57% involved an unmanaged personal device used in a remote work environment
The time to rethink risk management is now
There is no turning back. A new world of work that combines in-office and remote work is here to stay. As a result, security and business leaders are turning their eyes forward and planning to increase investments in network security (88%), vulnerability management (79%) and cloud security (75%) in the next one to two years. Seventy-three percent feel confident that in the next two years they will have the ability to accurately analyze and measure cyber risk, allowing for better business and technology decisions.
Managing risk in an environment where the perimeter has disappeared even as the attack surface continues to expand isn't an easy task. 今まで使っていたツールに依存していては、この新しい現実のセキュリティは確保できません。Securing the new world of work requires a new mindset. It's imperative that organizations gain a holistic view of their risk profile and re-evaluate their cybersecurity strategies to ensure businesses aren't left vulnerable.
サイバーセキュリティ戦略が、事業の変化に追随できないと、今日のリスクが明日は現実になります。
* 「ビジネスに悪影響を与える」とはサイバー攻撃またはセキュリティの侵害によって生じる顧客、従業員、その他の機密データの損失、操業の中止、ランサムウェアによって発生した支払い、財務上の損失または窃盗、知的財産の窃盗や損失に関する状況を指します。
関連記事
Cybersecurity Snapshot: CISA Shines Light on Cloud Security and on Hybrid IAM Systems’ Integration
March 15, 2024Check out CISA’s latest best practices for protecting cloud environments, and for securely integrating on-prem and cloud IAM systems. Plus, catch up on the ongoing Midnight Blizzard attack against Microsoft. And don’t miss the latest CIS Benchmarks. And much more!
Poor Identity Hygiene at Root of Nation-State Attack Against Microsoft
February 1, 2024The latest breach suffered by Microsoft shows once again that detection and response are not enough. Because the source of an attack almost always boils down to a single overlooked user and permission, it’s critical for organizations to have strong preventive security.
Cybersecurity Snapshot: What’s in Store for 2024 in Cyberland? Check Out Tenable Experts’ Predictions for OT Security, AI, Cloud Security, IAM and more
December 29, 2023The new year is upon us, and so we ponder the question: What cybersecurity trends will shape 2024? To find out, we asked Tenable experts to read the tea leaves. Their 2024 forecasts include: A bigger security role for cloud architects; a focus by ransomware gangs on OT systems in critical industries; an intensification of IAM attacks; and much more!
CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited
April 23, 2024A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities prior to fixed versions becoming available as the vendor recommends customers upgrade as soon as possible.
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
- Active Directory
- Cloud
- Executive Management
- Endpoint security
- Internet of Things
- BYOD
- Remote Workforce
- Reports
- Research Reports
- Risk-based Vulnerability Management
- Center for Internet Security (CIS)
- Threat Intelligence
- Threat Management
- Vulnerability Management
- Vulnerability Scanning