What's Inside

Cybersecurity threats are the norm in today's business environment.

According to the Identity Theft Resource Center, 2023 was a record year for cyberattacks in the U.S., with over 3,200 data breaches reported, up from 1,800 in 2022. Drata broke down how threats compare in office and remote settings, as well as how businesses can stay protected.

Attacks have greatly increased for many reasons, including human error, more sophisticated criminals, and access through vendor systems, Harvard Business Review reports. Total lack of cybersecurity is another issue. A STX Next global survey of more than 260 chief technology officers in 2023 found that 35% did not have cybersecurity measures in place at their company.

Cybercriminals' new favorite place to attack is the cloud. Although cloud technology has improved efficiencies, data storage, collaboration, and remote work, IBM reported it was involved in 82% of data breaches in 2023. Human configuration errors, companies allowing easy access, and unsecured backups make corporate clouds vulnerable and attractive to hackers.

Ransomware attacks have also gotten more dangerous, as criminals have started making copies of data on computers they've hacked before they lock them down. While waiting for ransom money, they also threaten to expose the stolen data.

Criminals have also found it easy to get into a company's network by going through another door via third-party vendors with access to their clients' systems. These vendors often have vulnerabilities in their own systems that hackers target and use to gain access to the vendor's clients.

A cyberattack can wreak havoc on a business, and compromised data is just the tip of the iceberg. Attacked companies experience public embarrassment, decreased stock prices, lost revenues, employee downtime, and costs of fixing the breaches. In 2022, data breaches cost U.S. companies an average of $9.44 million, per IBM.

The proliferation of remote work has concerned some companies, as it could mean additional vulnerability points, but research shows that that's not necessarily the case.

In the Office

In-house IT teams often implement security policies to keep corporate data safe. Secure networks with firewalls, strong passwords, multi-factor authentication, malware detection, updated software, and backups are some elements teams use to maintain security. Some companies do not allow employees to take home their computers to prevent them from being lost or stolen.

Smaller businesses don't always have dedicated resources and staff working in IT, but the Federal Communications Commission recommends companies develop and implement cybersecurity policies. Outsourcing and automating some tasks, such as software patches and backups, can secure small businesses with tighter budgets.

Remote Workplaces

The work-from-home trend has become permanent for many workers. According to BLS, as of November 2023, 16.4% of people in management and professional roles exclusively telework, as do 12% of people in sales and office jobs.

Remote work can conjure up images of employees sitting in coffee shops or libraries with free Wi-Fi. However, publicly available Wi-Fi can make devices vulnerable, especially if employees inadvertently join a malicious network. Tools like multifactor authentication, single sign-on, and virtual private networks can help mitigate the risks around remote connectivity.

A study published in the July 2023 issue of Computers & Security found that remote workers are more vigilant about cybersecurity because they don't assume they have the same protections they would in an office setting. Because remote workers don't have the same security, they aren't lulled into thinking they're safe and develop more knowledge and awareness about the threats they can face.

Training is key for companies to keep their data safe. It's essential for offices of any size—for both in-office and remote workers—because employees are often the first targets and first line of defense for cyberattacks. Building awareness of how criminals phish for data and target corporate networks can cut down on the success rate of attacks.