Security and compliance challenges remain across distributed workforces
The post-COVID era has ushered in a transformative trend in remote working, with many organisations and teams embracing ongoing flexible arrangements, a defining feature of modern work culture.
According to Finder's Consumer Sentiment Tracker published in April, which is a monthly survey of around 1,000 Australian adults, 29% worked remotely in 2022. Not surprisingly, Gen Y is driving the remote working trend, with 44% saying they worked remotely. This is followed by over a third of Gen Z (36%), over a quarter of Gen X (27%) and just seven per cent of baby boomers. In 2023, 14% of Australians, the equivalent of 2.9 million people, plan to work remotely overseas, up from seven per cent in 2022.
This trend not only offers newfound freedom and work-life balance for employees but extends geographical boundaries for talent acquisition. Leveraging advanced communication tools and digital platforms, teams can more easily collaborate across distances, fostering a globalised workforce.
Whilst remote work has brought convenience, it has heightened cyber security risks. Employees operating outside secure office networks become vulnerable entry points for cyberattacks, and home Wi-Fi networks often lack robust defences, exposing sensitive data to potential breaches. Phishing attacks, for example, exploit the blurred lines between personal and professional online activities, preying on unsuspecting individuals, and inadequate device security and unsecured communication channels add to the threat.
To address the risks, ensuring proper employee training, strong encryption protocols, and multi-factor authentication is vital. As remote work endures, a vigilant stance against evolving cyber threats remains imperative to safeguard both organisational and personal digital landscapes.
Undoubtedly, the work-from-anywhere model is exacerbating the strain on IT and security teams, compounding existing device health and security challenges with a broad mix of networks, hardware, OS versions, and patches. To understand this in greater detail, we released research that revealed the increasing complexity in enterprise device environments, including operating system (OS) fragmentation and volume of applications, and how that is impacting security and compliance posture.
Whilst there are many tools and applications that enable employees to be productive, they do contribute to increased complexity. This complexity can create conflict among applications, impede the patching and maintenance of devices and applications, especially if those devices are remote, and lead to software failing or going offline over time.
The findings in Absolute Software's 2023 Resilience Index contradicted the long-held belief that having more security solutions directly equates to more protection. By leveraging the analysis of anonymised data from millions of customer devices around the world, we provide insights and benchmarks for organisations looking to strengthen cyber resilience in today's widely distributed, hybrid workplaces.
In Asia Pacific, our telemetry data revealed that 94% of the 69,000 devices analysed use Microsoft Windows, with 77% on Windows 10 (53,000). Across this device population, the average patch age for Windows 10 devices is 109 days, whereas, for those operating Windows 11 (11,000 devices), this patch age dropped to 25 days.
Surprisingly, we also found that 22% of the devices are not fully encrypted, and almost a quarter have not connected in the past 30 days. In fact, more than 12,000 dark devices last connected over six months ago. Furthermore, across the device population that we analysed, we found that 18% currently have 500+ instances of sensitive data.
Looking at device usage, the majority (53%) exhibit moderate usage, which is between four and eight hours/day. 25% show light usage (one to four hours/day), whilst 13% show heavy usage (more than eight hours/day).
Security that is not installed or working effectively cannot protect you. As such, the criticality of these security controls, especially among remote and hybrid workers, cannot be overstated, and the ability to keep them healthy is often oversimplified.
Even market-leading, world-class software requires repairing for many reasons: changes in the environment around it or new forms of risk introduced by adversaries or even by the user. By applying intelligence and automation to heal them, security teams can remediate the risk, restore the user experience, and ensure compliance.
Another key insight from the '2023 Resilience Index' is that distributed, highly mobile users compound complexity. The average number of enterprise device locations across Absolute customers in this region has grown 21% year-over-year, with an average of 4.5 locations per
device observed in May 2023.
Importantly, in hybrid work models, critical applications like Virtual Private Networks Zero Trust Network Access need to be deployed, installed, and up to date.
Embedded in the firmware of more than 600 million devices globally, Absolute enables visibility and control across endpoints, applications, and network connections. Using our self-healing capability, security teams can protect devices, data, and users and ensure that critical security controls operate at maximum effectiveness. This ensures the delivery of an optimal remote and mobile user experience, optimises application efficacy and strengthens security and compliance posture.