SpyCloud has released its Malware Readiness & Defense report, which highlights the lack of regulation surrounding employees mixing unauthorized applications and work credentials on their personal and work devices. The report is based on a survey of almost 320 IT security professionals from mid-market and enterprise organizations in the US and UK. The aim of the report was to assess how organizations are detecting and addressing the threat of malware as a precursor to cyberattacks such as account takeover and ransomware.
One of the main problems identified in the report was the lack of regulation from businesses when it comes to employees syncing browser data between personal and corporate devices. This practice allows threat actors to access employee credentials and other authentication data through infected personal devices, without detection. SpyCloud stated that 57% of organizations allow this practice to occur, highlighting the severity of the issue.
Another issue highlighted in the report is the prevalence of shadow IT within organizations. Shadow IT refers to the use of unsanctioned applications by employees, which can introduce security vulnerabilities into the network. The report found that employees are often allowed to use their personal and work devices interchangeably, further exacerbating the risk.
The study identifies human behavior as the number one key risk factor. Many organizations prioritize ease and convenience for their employees, allowing them to access applications and data from anywhere with limited friction. However, these conveniences often sacrifice security. The shift to hybrid and remote work environments has only increased these risks, as technologies and practices outpace the cybersecurity industry’s ability to keep up.
One particular risk factor highlighted in the report is the use of personal devices for work purposes. While companies may allow employees to use their own devices to reduce friction, this creates an IT blind spot. The company cannot monitor an employee’s personal device, leaving them vulnerable to attack vectors that go unnoticed. Malware-infected employee devices can provide attackers with access to an organization’s systems and data, leading to cybercrimes such as account takeover, session hijacking, and ransomware attacks.
To mitigate these risks, the report suggests implementing employee cybersecurity training. However, the ultimate responsibility falls on the IT and security teams to ensure that proper security measures are in place. The study found that most organizations were satisfied that 85% of their devices connected to the network were updated with the latest security patches. However, this still leaves 15% of devices vulnerable, which can easily lead to data breaches or ransomware infections.
The report also recommends a shift from a device-centered response to an identity-centered one. Instead of focusing solely on securing compromised machines, organizations should prioritize securing employee identities. This involves resetting authentication, closing sessions, and quarantining the device and user from the network. By taking an identity-centric approach, organizations can disrupt ransomware and other attacks by remediating exposure beyond the device.
In conclusion, the Malware Readiness & Defense report sheds light on the risks associated with employees mixing unauthorized applications and work credentials on their personal and work devices. The lack of regulation in this area, combined with the convenience-focused expectations of the modern workforce, creates significant vulnerabilities for organizations. To mitigate these risks, organizations must prioritize cybersecurity training, ensure devices are updated with the latest security patches, and adopt an identity-centric approach to response and remediation.
