Dive Brief:
- Companies are planning to make significant upgrades in security amid long-term changes in their workplace functions, according to a report from Forrester Consulting on behalf of Tenable. As organizations shift toward a hybrid office environment, companies are implementing new policies and more sophisticated technology to protect office and remote security endpoints.
- About 92% of business executives experienced a compromise or cyberattack over the past 12 months, which led to a business disruption, loss of customer data, ransomware payout or theft of intellectual property.
- About 80% of security leaders plan to increase network and data security spending, while about 75% of security leaders will increase spending on vulnerability management and cloud security.
Dive Insight:
The shift from traditional office work to a work-from-home environment had significant impacts on workplace security. Millions of workers operating outside of secure corporate offices opened a new attack surface for nation-state and criminal threat actors.
One of the most significant changes in security was that security leaders lacked the ability to see the home environments of their own workers. At-home workers had little to no warning when threat actors were scanning and penetrating remote locations where sensitive company data was being shared between corporate and home-based networks.
In many cases, stronger security measures that would have protected the extended perimeter were abandoned in favor of making sure companies could maintain operations and allow workers to remain productive, according to Nathan Wenzel, chief security strategist at Tenable.
"I think organizations early on were really forced into a disaster recovery, business continuity kind of mode," Wenzel said. "Security took a back seat, quite frankly, and the way we implemented security just kind of went by the wayside."
Security leaders have experienced difficulties with getting workers to adhere to security rules that are designed to protect against outside threat actors, the report found. Just one-third of remote workers strictly adhere to security protocols, such as using multifactor authentication, avoiding public Wi-Fi outlets or not using personal devices to access work.
Many security departments were already understaffed and lacked the proper resources to maintain adequate security to protect their corporate environments before the pandemic, Wenzel said. Organizations had to make emergency decisions in order to keep the business up and running over the past year.
"So we made the best of a bad situation," he said. "I do know that a lot of folks are reevaluating their policies for security."
About 70% of organizations surveyed say they plan to have employees working remotely at least one day a week for the next 12 to 24 months, according to the research.
The Forrester Consulting/Tenable research follows a number of earlier studies showing companies made significant compromises in order to maintain worker productivity. A recent study by HP Wolf, released earlier this month, showed younger employees have rebelled against strict security protocols and made it harder for security leaders to maintain security policy.
The Forrester Consulting/Tenable report is based on an online survey of 426 security leaders, 422 business executives and 479 remote workers as well as in-depth telephone interviews conducted with six security and business executives. The study was conducted in April 2021 and followed the practices of large enterprises in multiple countries, including the U.S., U.K., Germany, France, Australia, Mexico, India, Brazil, Japan and Saudi Arabia.