“Fear Fatigue” Threatens Cybersecurity of Employees Working from Home
- 61 percent of IT decision makers acknowledge that employees are experiencing fear fatigue, leading to cybersecurity risks
- More than 70 percent of respondents said they now spend more on cybersecurity tools, cloud-based software tools, and IT support and management staff
- Health concerns (71 percent) and distractions in-office (35 percent) cited as employee concerns for returning to traditional office
SANTA CLARA, Calif., Dec 14, 2021 Malwarebytes, a global leader in real-time cyberprotection, today announced the findings from its latest survey examining how the impact of the global pandemic and an increasing hybrid workforce is impacting cybersecurity and changing the face of work environments forever, particularly small to medium sized businesses.
“While organizations showed great versatility in shifting to dispersed work environments during the pandemic, it also brought to light the need for an entirely different and more robust approach to security that offers more education and support to employees,” said Adam Kujawa, Director of Malwarebytes Labs. “We have more threats coming through on less secure personal networks and a rise in brute force attacks to reach businesses through remote desktop protocols. We need a holistic approach that secures employees no matter what network they are on or what device they are using.”
In the spring of 2020 as the COVID-19 pandemic was beginning, Malwarebytes surveyed 200 IT decision makers (ITDMs) and C-level executives about how the lockdowns affected their cybersecurity practices. Now, 18 months later, Malwarebytes surveyed ITDMs and C-suite executives again. The report, “Still Enduring from Home,” reveals how the ongoing pandemic and resulting remote and hybrid workforce is reshaping how organizations and employees secure data as well as their feelings about cyberthreats.
Survey Finds “Fear Fatigue” is Real
The new data suggests that complacency brought about by fear fatigue is a growing threat for cybercrime and data loss:
• Malwarebytes’ survey found that 61 percent acknowledge that employees experiencing fear fatigue, with 27 percent feeling particularly overwhelmed by fear.
• Almost 80 percent of survey respondents reported some level of jadedness or “fear fatigue” within their organization.
Defined as the “demotivation to follow recommended protective behaviors, emerging gradually over time and affected by a number of emotions, experiences, and perceptions,” fear fatigue can often lead to careless behavior, such as opening an email attachment without properly scrutinizing the sender or neglecting to turn on a VPN while using public WiFi.
The Weakest Link: The Reckless One Percent Endanger the Trusted Majority
Despite the challenges of remote work, ITDMs continued to be confident in employees following security best practices:
• Most respondents (61 percent) said they think their employees are “very aware” or “acutely aware” of the cybersecurity best practices, only a slight decrease from the initial report of 64 percent.
• The survey revealed that only a small group reported that their employees “don’t care enough” about cybersecurity best practices (3 percent) and a few employees who are considered “reckless” (1.5 percent). While small, this population still poses a large risk as an organization’s cybersecurity posture is only as strong as its weakest link.
Cybersecurity Spending Habits Changing
Hybrid work environments have driven changes in spending on cyberprotection:
• More than 70 percent of respondents said they now spend more on cybersecurity tools, cloud-based software tools, and IT support and management staff.
o 71 percent saw an increase in the use of password management tools
o 66 percent reported an increase in the use of VPNs
o 65 percent increased their use of data management and backup platforms
• Despite the increase in spending on cybersecurity tools, 62 percent were concerned about accidentally exposing data, while 51 percent harbored concerns that cloud-based collaboration tools may not offer adequate security especially as use increased significantly.
• A significant number (60 percent) also reported spending more on hardware, which is consistent with increased hardware spending in the original report (62 percent) at the beginning of the pandemic, when many organizations provided hardware for remote work environments.
• 55 percent revealed that their organizations have made some improvements in their cybersecurity posture since the beginning of the pandemic:
o 70.5 percent – Implemented new cybersecurity trainings
o 74 percent – Implemented new tools
Despite many businesses allowing employees to work remotely for over 18 months, the use of personal devices by employees for work-related tasks remains rampant with 58 percent of ITDMs reporting that employees are using personal devices to work in some capacity.
“Given that personal devices are often not secured or protected as well as work devices, this can significantly increase and organizations’ threat surface for potential cyberattacks,” Kujawa explained. “Stronger awareness and overall protection that help keep threats at bay has improved for many organizations over the course of the pandemic according to the survey. However, with cyberattacks and threats continuing to escalate, organizations need a robust, layered security approach that puts in failsafe measures for the inevitable human error that comes with fear fatigue, providing the confidence needed for employees to work securely and productively from anywhere.”
To learn more about Malwarebytes report, “Still Enduring From Home,” please visit: https:// www.malwarebytes.com/resources/still-enduring-from-home/index.html
To read more about Malwarebytes visit our blog, or follow us on Facebook, Instagram, LinkedIn, TikTok, and Twitter.