KUALA LUMPUR (Dec 1): As hybrid work enables employees to work from anywhere and ensure business continuity for enterprises, the use of unregistered devices by employees to access work platforms is adding new security challenges for organisations in Malaysia.
A new independent study commissioned by Cisco and released on Thursday (Dec 1) said that more than eight in 10 (83%) respondents in Malaysia said their employees are using unregistered devices to log into work platforms.
About 75% said their employees spend more than 10% of the day working from these unregistered devices.
The study said this risk associated with such a practice is recognised by security leaders with 93% of respondents in Malaysia saying logging in remotely for hybrid work has increased the likelihood of occurrence of cybersecurity incidents.
This scenario is further complicated as employees are logging into work from multiple networks across their homes, local coffee shops, and even supermarkets.
Some 93% of respondents in Malaysia said their employees use at least two networks for logging into work, and nearly half (49%) said their employees use more than five networks.
The report titled My Location, My Device: Hybrid work’s new cybersecurity challenge surveyed 6,700 security professionals from 27 countries, including 150 security professionals from Malaysia.
It highlighted concerns of security professionals around the use of unregistered devices and potentially unsecured networks to access work platforms and the risks associated with such behaviours.
Cisco Asean cybersecurity director Juan Huat Koo said as hybrid work becomes the norm, companies are empowering their employees to work from anywhere.
“While this has brought many benefits, it is also opening new challenges, especially on the cybersecurity front, as hackers can now target employees beyond traditional corporate network perimeters.
“To make hybrid work truly successful in the long run, organisations need to protect their business with security resilience.
“This includes establishing visibility on their networks, users, endpoints, and applications to acquire insights into access behaviours, leveraging these insights to detect threats, and harnessing threat intelligence to respond against them on-premises or in the cloud,” he said.
The study said over half of respondents (55%) in Malaysia said they had experienced a cybersecurity incident in the past 12 months.
The top three types of attacks suffered were phishing, malware, and data leaks.
The study added that among those who suffered an incident, 74% said it cost them at least US$100,000, and 35% said it cost them at least US$500,000.
The report also found 95% of the security leaders in Malaysia believe cybersecurity incidents are likely to disrupt their businesses in the next 12-24 months.
With the challenges well recognised, 91% of security leaders in Malaysia expect their organisations to increase their cybersecurity budgets by more than 10% over the next year, and 96% expect upgrades to IT infrastructure in the next 12-24 months.