Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe
  • Twitter
  • Facebook
  • LinkedIn

Spotlight on Brazil: Remote Work Requires New Risk Management Practices

Spotlight on Brazil: Remote Work Requires New Risk Management Practices

Remote work is here to stay — along with the risks it introduces to Brazilian organizations, if not managed properly. Here's what you need to know.

The pandemic forced many Brazilian organizations to shift employees from working largely in offices to entirely remote in the blink of an eye. Technology was the enabler of this fast-paced change, but not without consequences.

The attack surface has expanded, bringing new and unmanaged cyber risk. In fact, six out of 10 Brazilian leaders said the number of business-impacting* cyberattacks increased with the pandemic and 75% attributed recent business-impacting cyberattacks to vulnerabilities in technology implemented in response to the pandemic.

The self-reported data is drawn from a commissioned study of more than 1,300 security leaders, business executives and remote employees worldwide, including 118 respondents in Brazil. The study, Beyond Boundaries: The Future of Cybersecurity in the New World of Work, was conducted by Forrester Consulting on behalf of Tenable in April 2021.

Remote work introduces new business risks 

The move to a hybrid work model in Brazil required three significant shifts, all of which served to atomize the attack surface:

  1. Dissolving traditional workplace perimeters and providing technology that enables employees to work from anywhere

  2. Moving business-critical functions to the cloud 

  3. Rapidly expanding the software supply chain with new tools for collaboration, communication and productivity

Today, 78% of Brazilian organizations have adopted remote work, with 83% planning to make it permanent in the next 1-2 years; 7% have already made the transition. These changes present significant challenges for security teams as the corporate attack surface expands. Eighty-two percent of remote workers in Brazil have six or more devices connected to their home networks, and many admit to using a personal device to access customer data (55%) and financial records (38%). What's more, 64% of security leaders say employees lack awareness of the available measures to secure home networks and personal devices. The majority of business and security leaders (59%) lack visibility into employee security practices.

As part of this new world of work, business functions are now cloud based. Today 69% of Brazilian organizations moved business-critical functions to the cloud and 82% moved non-business-critical functions. Yet, 97% of business and security leaders believe moving business critical functions to the cloud has increased their organizations' cyber risk.

Expanding the use of third-party software and other services also played a major role in enabling remote work while introducing new risk. More than three-quarters (78%) of Brazilian companies expanded their software supply chain and 76% enhanced existing digital platforms and services to meet changing customer needs. But the majority of business and security leaders in Brazil believe the expanded software supply chain (56%) and the creation of new digital platforms (64%) exposed them to more risk.

Unsurprisingly, 84% of Brazilian executives raised concerns that remote work increased their cyber risk.

Attackers capitalize on workforce changes

Executives' concerns are certainly warranted: the study found that cybercriminals overwhelmingly took advantage of the technology changes that facilitated remote work in Brazil. In fact, 92% of Brazilian organizations experienced a business-impacting cyberattack in the last 12 months.

When looking at the focus of these attacks:

  • 72% of business and security leaders say the attacks targeted remote workers 

  • 66% report they involved an unmanaged personal device used in a remote work environment 

  • 59% say they involved cloud assets 

  • 43% cited VPN flaws or misconfigurations as the cause

  • 41% report the attacks resulted from home router flaws or misconfiguration. 


Securing the new world of work

The new world of work that combines in-office and remote work is here to stay. As a result, security and business leaders are turning their eyes forward and planning to increase investments to fill those gaps. In the next 1-2 years, leaders said the focus will be cloud-based productivity tools (83%), data security (80%) and vulnerability management (78%) solutions. 

Securing the new world of work requires a new mindset. It's crucial that organizations gain a holistic view of their risk profile and re-evaluate their cybersecurity strategies to align with the new realities of the modern workplace and ensure businesses aren't left vulnerable.

If cybersecurity strategy fails to keep pace with business changes, today's risk could become tomorrow's reality.

*A business-impacting cyberattack is one which results in one or more of the following outcomes: loss of customer, employee, or other confidential data; interruption of day-to-day operations; ransomware payout; financial loss or theft; and/or theft of intellectual property.

View more study highlights here

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

Try for Free Buy Now
Tenable.io FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.