Use of Unregistered Devices by Employees has Increased Risks Around Hybrid Work

 Nearly 9 in 10 (89%) respondents in Singapore say their employees are logging in to work from  unregistered devices 

• 94% say unregistered devices are likely to cause cybersecurity incidents for their organization

• Cybersecurity incidents, including malware, phishing, and denial of service attacks, are costing  85% of organizations at least US$100,000

As hybrid work empowers employees to work from anywhere and  ensure business continuity for enterprises, the use of unregistered devices by employees to access  work platforms is adding new security challenges for organizations in Singapore, according to a new  Cisco study. 

Nearly 9 in 10 (89%) respondents in Singapore say their employees are using unregistered devices to  log into work platforms. About 77% say their employees spend more than 10% of the day working  from these unregistered devices.  

This risk associated with such a practice is recognized by security leaders with 89% of respondents in  Singapore saying logging in remotely for hybrid work has increased the likelihood of occurrence of  cybersecurity incidents. 

This scenario is further complicated as employees are logging into work from multiple networks across  their homes, local coffee shops, and even supermarkets. About 91% of respondents in Singapore say  their employees use at least two networks for logging into work, and 35% say their employees use  more than five networks.  

The report titled “My Location, My Device: Hybrid work’s new cybersecurity challenge”, surveyed  6,700 security professionals from 27 countries, including 150 security professionals from Singapore. It  highlights concerns of security professionals around the use of unregistered devices and potentially  unsecured networks to access work platforms and the risks associated with such behaviors. 

“As hybrid work becomes the norm, companies are empowering their employees to work from  anywhere. While this has brought many benefits, it is also opening new challenges, especially on the  cybersecurity front, as hackers can now target employees beyond traditional corporate network  perimeters. To make hybrid work truly successful in the long run, organizations need to protect their  business with security resilience. This includes establishing visibility on their networks, users,  endpoints, and applications to acquire insights into access behaviors, leveraging these insights to  detect threats, and harnessing threat intelligence to respond against them on-premises or in the  cloud,” Director, Cybersecurity, Cisco ASEAN Juan Huat Koo said. 

The use of unregistered devices is adding a new layer of challenge for security professionals as they  tackle complexities in the current threat landscape. 6 out of 10 respondents in Singapore said they  had experienced a cybersecurity incident in the past 12 months. The top three types of attacks suffered were malware, phishing, and denial of service attacks.  

Among those who suffered an incident, 85% said it cost them at least US$100,000, and 58% said it  cost them at least US$500,000.

The report also found 85% of the security leaders in Singapore stating that cybersecurity incidents are  likely to disrupt their business in the next 12-24 months. The bright side is that they are gearing up to  protect themselves from internal and external threats.  

With the challenges well recognized, 90% of security leaders in Singapore expect their organization to  increase its cybersecurity budget by more than 10% over the next year, and 94% expect upgrades to  IT infrastructure in the next 12-24 months. “As Singapore moves towards a digital future, we need to confront a new world of increasingly  complex and sophisticated threats. With the workforce distributed in today’s hybrid work  environment, it is critical for businesses to move away from stand-alone security to security resilience  which looks at detection, response, and recovery on a single, integrated platform. People are a  cornerstone for fostering this resilience. Businesses first need to educate their workforce on security  best practices then use technology as the eyes and ears of the network, leverage actionable  intelligence to take the right action where it’s most important, and automate that response so they  can emerge stronger from threats,” said Andy Lee, Managing Director, Cisco Singapore and Brunei.