Workers creating a “back door” into companies’ IT networks, research reveals

Fresh warning comes just days after cyber expert said the next large-scale attack could cost insurers billions

Workers creating a “back door” into companies’ IT networks, research reveals

Cyber

By Lucy Hook

Businesses are leaving their IT networks wide open through a lack of cyber-security among remote-working employees, new research has revealed. Workers, whether via remote working or simply accessing their work via personal devices, are creating a “hidden back door” into company networks, a study by the corporate IT and cyber security arm of Deutsche Telekom has found.

The findings come hot on the heels of two major cyber-attacks, Petya and WannaCry, which have put cyber-security concerns under the global spotlight in recent months. Just last week, CFC Underwriting’s head of innovation warned that another large-scale attack is imminent, and that there could be a significant cost to insurers: “It would only need a combination of WannaCry’s wide reach and Petya’s destructive force to cost cyber insurers something like $2.5 billion, or a full year of gross premium income in the market,” Graeme Newman told Bloomberg.

The new research from T-Systems revealed that viruses, ransomware, and other malware are at epidemic levels, with nearly a third of all UK households reporting having suffered problems from malware or stolen passwords in the past 12 months. That’s a major risk for employers who increasingly allow flexible working among employees.

“You’ve got the multitude of devices we’re now using and taking for granted, and the fact that we are working at home more – it just opens too many doors for malware to get in,” Scott Cairns, CTO at T-Systems, told Insurance Business.

The explosion of the Internet of Things has only worsened the problem, with almost a third of working-age households now owning smart wi-fi enabled devices, according to the study, which are often set up with very basic passwords.

But despite the risks, many businesses are failing to properly educate employees: 28% of workers said they have never received cyber-security training from any employer.

“It’s quite scary,” Cairns commented. “This sort of education is not something you just do when someone onboards and then forget about,” he said, adding that organisations should be educating employees on a quarterly basis at the least.

“[Companies] have to realise that it’s no longer the case that people just come into an office and sit down and work, your workforce is mobile now. And because they’re mobile, you have to think slightly differently as to how to educate them, based on where they’re going to be,” Cairns added.

“Our research highlights that the potential danger for organisations of all sizes can begin much closer to home.  This originates through a combination of poor home cyber-security, the continued growth in the range and interconnection of smart devices, and the widespread practice of using personal devices for work one minute, and then personal use the next.”


Related stories:
WannaCry attack fails to stimulate cyber insurance market, broker research says
AXA urges government to clarify rules for driverless cars, cyber security
 

Keep up with the latest news and events

Join our mailing list, it’s free!