HP Inc.

05/12/2021 | Press release | Distributed by Public on 05/12/2021 04:53

HP Wolf Security Study Reveals Growing Cyber Security Risk Driven by Remote Work

Press Releases

HP Wolf Security Study Reveals Growing Cyber Security Risk Driven by Remote Work

May 12, 2021

PALO ALTO, Calif. May 12, 2021 - HP Inc. (NYSE: HPQ) today released its HP Wolf Security Blurred Lines & Blindspots Report, a comprehensive global study assessing organizational cyber risk in an era of remote work.

The report shows that changing work styles and behaviors are creating new vulnerabilities for companies, individuals, and their data. According to the findings, 70% of office workers surveyed admit to using their work devices for personal tasks, while 69% are using personal laptops or printers for work activities. Almost one-third (30%) of remote workers surveyed have let someone else use their work device.

As a result of these and other behaviors, home workers are increasingly being targeted by hackers. KuppingerCole, an international, independent analyst firm that contributed to HP's report, notes there has been a 238% increase in global cyberattack volume during the pandemic.

'As the lines between work and home have blurred, security risks have soared and everyday actions such as opening an attachment can have serious consequences,' comments Joanna Burkey, Chief Information Security Officer (CISO), HP Inc. 'Without all of the pre-pandemic sources of visibility of devices, and how they are being used and by who, IT and security teams are working with clouded vision.'

HP's report coincides with the launch of HP Wolf Security, the company's newly integrated portfolio of secure by design PCs and printers, hardware-enforced endpoint security software, and endpoint security services.1 The study provides a multi-dimensional view by combining findings from: a global YouGov online survey of 8,443 office workers; a global survey of 1,100 IT Decision Makers (ITDMs), conducted by Toluna; real-world threat telemetry gathered from customers within HP Sure Click Virtual Machines; and analysis from KuppingerCole.

Key findings include:

  • 76% of office workers surveyed say working from home during COVID-19 has blurred the lines between their personal and professional lives.
  • 27% of office workers surveyed say they know they are not meant to share work devices but felt they 'had no choice' - yet 85% of ITDMs worry such behavior increases their company's risk of a security breach.
  • Half of office workers say they now see their work devices as a personal device, while 84% of ITDMs worry such behavior increases their company's risk of a security breach.
  • Over the past year: 54% of ITDMs saw an increase in phishing; 56% an increase in web browser related infections; 44% saw compromised devices being used to infect the wider business; while 45% saw an increase in compromised printers being used as an attack point.

Blurred lines between home and office creating new risks

71% of employees surveyed say they access more company data, more frequently, from home now than they did pre-pandemic - with the most common types of data being accessed being: customer and operational data (43% each) and financial and HR records (23% each). At the same time, HP Wolf Security report shows office workers surveyed are increasingly using their work devices for personal tasks. For example:

  • 33% download more from the internet than prior to the pandemic - a figure that rises to 60% for those aged 18-24.
  • 27% of respondents use their work device to play games more than prior to the pandemic - a figure rises to 43% for parents of children aged 5-16.
  • 36% use their work device for watching online streaming services - again, this figure rises to 60% among those aged 18-24.
  • Four in ten office workers admit to using their work device for homework and online learning more in the past year. A figure that rises to 57% for parents of children aged 5-16.

Hackers are taking advantage of these shifting patterns to tailor their phishing campaigns. According to KuppingerCole, there was a 54% increase in malicious actors exploiting gaming platforms between January and April 2020, often directing users to phishing pages. HP Wolf Security's Threat Insights showed an increase in gaming-themed malware; with Ryuk ransomware and samples of stealthy JavaScript downloader malware, Gootloader, masquerading as Fortnite hacks.

KuppingerCole also found at least 700 fraudulent websites impersonating popular streaming services were identified in just one 7-day period in April 2020. Added to this, HP Wolf Security Insights showed users attempting to download malware-infected files - including ransomware - from their personal email accounts to their work devices. Had these customers not been protected by HP Wolf Security micro-virtualisation then these incidents would have resulted in a breach, as they had successfully evaded all other layers of security.

Office workers connecting to corporate networks with insecure devices

Aside from misusing work devices for personal reasons, office workers are also using potentially insecure devices to connect to the corporate network. 88% of ITDMs say they worry their risk of breach has risen because employees are using personal devices for work that were not built with business security in mind. They are right to worry, the YouGov online survey within HP's report shows 69% of office workers surveyed have used their personal laptop or personal printer/scanner for work activities more often since the start of the pandemic to complete tasks:

  • 37% used a personal PC/laptop to access work applications.
  • 32% used their personal PC/laptop to access the main corporate network and servers.
  • Over a third (34%) used their home printer to scan and share documents with colleagues and customers.
  • One in five (21%) have used their home printer to save files to the network over the VPN.

'More than half (51%) of ITDMs have seen evidence in their company of compromised personal PCs being used to access company and customer data in the past year. This is a huge risk that could lead to exposed company data, reputational damage, non-compliance and loss of customer trust,' comments Ian Pratt, Global Head of Security, Personal Systems, HP Inc.

The endpoint as the first line of defense

82% of office workers surveyed for the HP Wolf Security report said they had worked from home more since the start of the pandemic than previously, while 39% expect to predominately work from home post-pandemic or split their time equally between home and office-based working. Therefore, many of these risks will remain once the world returns to 'normal'.

An increasingly inevitable outcome of this is that distributed workers are no longer protected by the corporate firewall. Analysis for the report from KuppingerCole shows that globally in 2020, endpoints connected to the internet were experiencing 1.5 attacks per minute. As a result, 90% of ITDMs say the pandemic experience of 2020 has highlighted the growing importance of strong endpoint security in defending the increasingly perimeter-less organization; while 91% say endpoint security has become equally important as network security.

The nature of the endpoint continues to evolve and diversify. According to Anne Bailey, Senior Analyst, KuppingerCole: 'The many connected devices that employees use in their working-from-home environment have contributed to the breakdown of the corporate IT infrastructure and network, including printers.'

Introducing HP Wolf Security

In response to these challenges, HP is today announcing HP Wolf Security: a newly integrated portfolio of secure by design PCs and printers, hardware-enforced endpoint security software, and endpoint security services to protect customers from growing cyber threats.1

The company's new HP Wolf Security platform builds on over 20 years of security research and innovation to offer a unified portfolio for customers focused on delivering comprehensive endpoint protection and cyber-resiliency.

To support the launch of HP Wolf Security, HP has created a series of creative videos, depicting common security scenarios that have come about due to the shift to remote working during the pandemic. These include: a child clicking on a phishing link when using a parent's laptop, a compromise printer being used to send malicious spam to the rest of the company, and an IT team being blindsided by a cyberattack. These videos, starring Christian Slater as 'The Wolf' - who walks the line between good and bad, putting to use his hacker mindset to show how an attacker might operate - help to demonstrate the impact of such events.

About the research

The HP Wolf Security Blurred Lines & Blindspots report is based on findings from:

  1. A YouGov survey of 8,443 adults in the US, the UK, Mexico, Germany, Australia, Canada and Japan who used to be office workers, and worked from home the same amount or more than before the pandemic. Fieldwork was undertaken between 17th - 25th March 2021. The survey was carried out online.
  2. A Toluna survey of 1,100 IT decision makers in the UK, the US, Canada, Mexico, Germany, Australia and Japan. Fieldwork was undertaken between 19th March - 6th April 2021. The survey was carried out online.
  3. The 2020 Cybersecurity Threat Landscape for Remote Workers as a Result of the COVID-19 Pandemic port from Kuppinger Cole, conducted in March 2020. This provides context and analysis of the changing work landscape in 2020 as a result of the COVID-19 pandemic with attention to the activities and practices of companies and employees globally, as well as the activities and tendencies of malicious actors to vulnerabilities that arose because of the changing context.
  4. Threat data captured within HP customer Sure Click virtual-machines, and analysis from the HP Threat Intelligence team

About HP

HP Inc. creates technology that makes life better for everyone, everywhere. Through our product and service portfolio of personal systems, printers and 3D printing solutions, we engineer experiences that amaze. More information about HP Inc. is available at http://www.hp.com.

About HP Wolf Security

From the maker of the world's most secure PCs2 and Printers3, HP Wolf Security is a new breed of endpoint security1. HP's portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services.

Media Contacts

Vanessa Godsal, HP
[email protected]
www.hp.com/go/newsroom
Disclaimer

©Copyright 2021 HP Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the expresswarranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

1 HP Security is now HP Wolf Security. Security features vary by platform.

2 Based on HP's unique and comprehensive security capabilities at no additional cost among vendors on HP Elite PCs with Windows and 8th Gen and higher Intel® processors or AMD Ryzen™ 4000 processors and higher; HP ProDesk 600 G6 with Intel® 10th Gen and higher processors; and HP ProBook 600 with AMD Ryzen™ 4000 or Intel® 11th Gen processors and higher.

3 HP's most advanced embedded security features are available on HP Enterprise and HP Managed devices with HP FutureSmart firmware 4.5 or above. Claim based on HP review of 2021 published features of competitive in-class printers. Only HP offers a combination of security features to automatically detect, stop, and recover from attacks with a self-healing reboot, in alignment with NIST SP 800-193 guidelines for device cyber resiliency. For a list of compatible products, visit: hp.com/go/PrintersThatProtect. For more information, visit: hp.com/go/PrinterSecurityClaims.