Over 8 in 10 (84%) of people recently polled in Hong Kong say their employees are using unregistered devices to log into work platforms, and 68% say their employees spend more than 10% of the day working from these unregistered devices.
This is the major takeaway in a new study released yesterday by Cisco, which also points out that 89% of Hong Kong-based respondents saying logging in remotely for hybrid work has increased the likelihood of cybersecurity incidents.
“As hybrid work becomes the norm, companies are empowering their employees to work from anywhere. While this has brought many benefits, it is also opening new challenges, especially on the cybersecurity front,” said Yoshiyuki Hamada, managing director for security sales at Cisco Asia Pacific, Japan and Greater China (APJC).
“With organisations not knowing where an employee will log on from, when he or she will do so, and what device they may use, threat can emanate from everywhere.”
Yashiyuki Hamada, Cisco APJC
This scenario is further complicated by employees logging into work from multiple networks across their homes, local coffee shops, and even supermarkets. About 90% of respondents in Hong Kong say their employees use at least two networks to log in to work, and 28% say their employees use more than five networks.
Unregistered devices adds new layer to cybersecurity complexity
Indeed, the use of unregistered devices is adding a new layer of challenge for security professionals as they tackle complexities in the current threat landscape.
About 38% of respondents in Hong Kong said they had experienced a cybersecurity incident in the past 12 months. The top three types of incidents suffered were malware, phishing and denial of service attacks.
The report also finds that 87% of the city’s security leaders say cybersecurity incidents are likely to disrupt their businesses over the next 12-24 months. However, they are gearing up to protect themselves from internal and external threats.
“To make hybrid work truly successful in the long run, organisations really need to think about security resilience to protect their business and they must be able to identify, prevent and respond to threats across their network - whether it is on-premises or on the cloud,” said Hamada.
Among those who suffered an incident, 73% said it cost them at least US$100,000 (around HK$780,000), and 41% said it cost them at least US$500,000 (around HK$3,900,000).
The challenges are increasingly well recognised, and 87% of those surveyed in Hong Kong expect their organisation to increase its cybersecurity budget by more than 10% over the next year, while 88% expect upgrades to IT infrastructure within the next 24 months.
“Cybersecurity incidents are costing Hong Kong companies a lot of money. As we transition toward more permanently hybrid working patterns, companies need new threat response strategies to effectively anticipate and identify incoming threats from multiple networks,” said Wilson Ching, general manager at Cisco Hong Kong and Macau.
The report titled "My Location, My Device: Hybrid work’s new cybersecurity challenge", surveyed 6,700 security professionals from 27 markets. It highlights the concerns of security professionals around the use of unregistered devices and potentially unsecured networks to access work platforms and the risks associated with such behaviour.
