HP has released its HP Wolf Security Blurred Lines & Blindspots Report, a comprehensive global study assessing organizational cyber risk in an era of remote work.
The report shows that changing work styles and behaviors are creating new vulnerabilities for companies, individuals, and their data. According to the findings, 70% of office workers surveyed admit to using their work devices for personal tasks, while 69% are using personal laptops or printers for work activities. Almost one-third (30%) of remote workers surveyed have let someone else use their work device.
As a result of these and other behaviors, home workers are increasingly being targeted by hackers. KuppingerCole, an international, independent analyst firm that contributed to HP’s report, notes there has been a 238% increase in global cyberattack volume during the pandemic.
“As the lines between work and home have blurred, security risks have soared and everyday actions such as opening an attachment can have serious consequences,” comments Joanna Burkey, Chief Information Security Officer (CISO), HP Inc. “Without all of the pre-pandemic sources of visibility of devices, and how they are being used and by who, IT and security teams are working with clouded vision.”
HP’s report coincides with the launch of HP Wolf Security, the company’s newly integrated portfolio of secure by design PCs and printers, hardware-enforced endpoint security software, and endpoint security services.1 The study provides a multi-dimensional view by combining findings from: a global YouGov online survey of 8,443 office workers; a global survey of 1,100 IT Decision Makers (ITDMs), conducted by Toluna; real-world threat telemetry gathered from customers within HP Sure Click Virtual Machines; and analysis from KuppingerCole.
Key findings include:
• 76% of office workers surveyed say working from home during COVID-19 has blurred the lines between their personal and professional lives.
• 27% of office workers surveyed say they know they are not meant to share work devices but felt they ‘had no choice’ – yet 85% of ITDMs worry such behavior increases their company’s risk of a security breach.
• Half of office workers say they now see their work devices as a personal device, while 84% of ITDMs worry such behavior increases their company’s risk of a security breach.
• Over the past year: 54% of ITDMs saw an increase in phishing; 56% an increase in web browser related infections; 44% saw compromised devices being used to infect the wider business; while 45% saw an increase in compromised printers being used as an attack point.
Blurred lines between home and office creating new risks
71% of employees surveyed say they access more company data, more frequently, from home now than they did pre-pandemic – with the most common types of data being accessed being: customer and operational data (43% each) and financial and HR records (23% each). At the same time, HP Wolf Security report shows office workers surveyed are increasingly using their work devices for personal tasks. For example:
• 33% download more from the internet than prior to the pandemic – a figure that rises to 60% for those aged 18-24.
• 27% of respondents use their work device to play games more than prior to the pandemic – a figure rises to 43% for parents of children aged 5-16.
• 36% use their work device for watching online streaming services – again, this figure rises to 60% among those aged 18-24.
• Four in ten office workers admit to using their work device for homework and online learning more in the past year. A figure that rises to 57% for parents of children aged 5-16.
Hackers are taking advantage of these shifting patterns to tailor their phishing campaigns. According to KuppingerCole, there was a 54% increase in malicious actors exploiting gaming platforms between January and April 2020, often directing users to phishing pages. HP Wolf Security’s Threat Insights showed an increase in gaming-themed malware; with Ryuk ransomware and samples of stealthy JavaScript downloader malware, Gootloader, masquerading as Fortnite hacks.
KuppingerCole also found at least 700 fraudulent websites impersonating popular streaming services were identified in just one 7-day period in April 2020. Added to this, HP Wolf Security Insights showed users attempting to download malware-infected files – including ransomware – from their personal email accounts to their work devices. Had these customers not been protected by HP Wolf Security micro-virtualisation then these incidents would have resulted in a breach, as they had successfully evaded all other layers of security.
Office workers connecting to corporate networks with insecure devices
Aside from misusing work devices for personal reasons, office workers are also using potentially insecure devices to connect to the corporate network. 88% of ITDMs say they worry their risk of breach has risen because employees are using personal devices for work that were not built with business security in mind. They are right to worry, the YouGov online survey within HP’s report shows 69% of office workers surveyed have used their personal laptop or personal printer/scanner for work activities more often since the start of the pandemic to complete tasks:
• 37% used a personal PC/laptop to access work applications.
• 32% used their personal PC/laptop to access the main corporate network and servers.
• Over a third (34%) used their home printer to scan and share documents with colleagues and customers.
• One in five (21%) have used their home printer to save files to the network over the VPN.
“More than half (51%) of ITDMs have seen evidence in their company of compromised personal PCs being used to access company and customer data in the past year. This is a huge risk that could lead to exposed company data, reputational damage, non-compliance and loss of customer trust,” comments Ian Pratt, Global Head of Security, Personal Systems, HP Inc.
The endpoint as the first line of defense
82% of office workers surveyed for the HP Wolf Security report said they had worked from home more since the start of the pandemic than previously, while 39% expect to predominately work from home post-pandemic or split their time equally between home and office-based working. Therefore, many of these risks will remain once the world returns to ‘normal’.
An increasingly inevitable outcome of this is that distributed workers are no longer protected by the corporate firewall. Analysis for the report from KuppingerCole shows that globally in 2020, endpoints connected to the internet were experiencing 1.5 attacks per minute. As a result, 90% of ITDMs say the pandemic experience of 2020 has highlighted the growing importance of strong endpoint security in defending the increasingly perimeter-less organization; while 91% say endpoint security has become equally important as network security.
The nature of the endpoint continues to evolve and diversify. According to Anne Bailey, Senior Analyst, KuppingerCole: “The many connected devices that employees use in their working-from-home environment have contributed to the breakdown of the corporate IT infrastructure and network, including printers.”
Introducing HP Wolf Security
In response to these challenges, HP is today announcing HP Wolf Security: a newly integrated portfolio of secure by design PCs and printers, hardware-enforced endpoint security software, and endpoint security services to protect customers from growing cyber threats.1
The company’s new HP Wolf Security platform builds on over 20 years of security research and innovation to offer a unified portfolio for customers focused on delivering comprehensive endpoint protection and cyber-resiliency.
To support the launch of HP Wolf Security, HP has created a series of creative videos, depicting common security scenarios that have come about due to the shift to remote working during the pandemic. These include: a child clicking on a phishing link when using a parent’s laptop, a compromise printer being used to send malicious spam to the rest of the company, and an IT team being blindsided by a cyberattack. These videos, starring Christian Slater as ‘The Wolf’ – who walks the line between good and bad, putting to use his hacker mindset to show how an attacker might operate – help to demonstrate the impact of such events.