ORGANISATIONS are at risk from a toxic combination of increased exposure to cyberattacks and widespread employee reluctance to report potential security incidents, arising from the shift to work from home, a study commissioned by Japanese information and communication technology company Fujitsu has found.

According to the study conducted by Longitude/Financial Times, 48 per cent of non-technical employees are reluctant to report any potential threats for fear of possible recriminations. “This means enterprises are massively exposed,” the study stated.

“For many organisations it was a race against the clock to enable remote working at the start of the COVID-19 pandemic, and in several cases cybersecurity protocols and measures were not considered as a primary requirement. Instead, many companies implemented temporary measures that were not stringent enough,” a company release quotes Dr Evan Hemans, head of digital technology services at Fujitsu Caribbean.

“Unfortunately, some of these remain in place a year later, leaving these companies vulnerable – which is evidenced in the surge in cyberattacks and/or breaches of big-name companies and government entities in the region,” he said.

“The risk factor is now greater as many companies have left their organisations exposed and susceptible to cyberattacks. At the same time, attack surfaces — the total sum of the vulnerabilities that can be exploited to initiate and carry out an attack — have increased, and employees are also sometimes not adopting cybersecurity measures when working remotely and they may be reluctant to report potential incidents. Companies therefore need a robust infrastructure that includes an integrated suite of digital workplace tools to enable a borderless office and smart working,” Dr Hemans explained.

He said the incorporation of zero-trust security will substantially defend and manage the varying layers, including application, computing containers and virtual machines. Additionally, zero-trust’s inherent ability to identify and monitor the various technology stacks and layers facilitate easier, more comprehensive and accurate decision-making, thereby enabling companies with a focus on cultural change to adapt to new work styles.

The worldwide spread of the novel coronavirus forced many organisations to scramble and introduce short-term measures to enable staff to work from home, leading to an uptick in the use of cloud services. Many organisations also relaxed restrictions on access to corporate networks and data via personal devices and unsecured home networks.

Consequently, many businesses have also seen their exposure to cyberattacks increase exponentially, leaving IT leaders with a great deal of work to do.

With many knowledge workers now marking a full year since they started working remotely, Fujitsu’s findings suggest that many employees feel more isolated than ever. Working remotely, employees feel less able to ask a workmate for casual advice around security issues, such as “Does this e-mail look suspicious to you?”, but are reluctant to report such potential security issues.

To understand the extent to which international businesses recognise the challenge they face by extended work-from-home arrangements, Fujitsu surveyed 331 senior executives across organisations in 14 countries. Respondents came from five broad industry groups: financial services, retail, manufacturing and automotive, energy and utilities, and central/federal government.

Among the key findings were:

• 54 per cent are unable to ensure that security policies kept pace with significant changes. This suggests that businesses are leaving themselves unnecessarily exposed to cybercrime.

• 48 per cent of non-technical employees are reluctant to report any security threats they find. That number drops to 37 per cent among technical employees but still highlights a widespread reluctance to take appropriate action, suggesting that implementing cultural change should be a business priority for the year ahead.

Fujitsu said that its advanced security solutions help businesses and public agencies minimise disruption and maintain business continuity by strengthening their security strategy and operations across every level of an organisation.

“This means intelligence-led solutions supported by an integrated and collaborative approach to cybersecurity challenges — all delivered to the highest security standards,” Fujitsu said, adding that “this enables organisations to adopt a security model that retains the resilience necessary to operate in the current conditions and offers security without hindering business growth.”