As companies recognize the benefits of hybrid work, the new setup also increases security vulnerability mainly due to the use of unregistered devices and unsecured networks, according to the study by software solutions firm Cisco. In the Philippines, the study found more than 8 in 10 or 87% of respondents say their employees are using unregistered devices to log into work platforms.

Hybrid work enables the workforce to collaborate using different platforms but it also means using their own devices and connecting to networks — even public WiFi — to ensure business continuity. About 75% of respondents say their employees spend more than 10% of the day working from these unregistered devices.

“In a digital-first hybrid world, cybersecurity threats not only impact IT, but also financial, operational, organizational, and supply chain practices,” said Zaza Nicart, managing director, Cisco Philippines.

Cisco launches Zero Trust assessment tool to help SMBs with cybersecurity
Cisco study underscores the importance of cybersecurity in a hybrid work setup

This risk associated with such a practice is recognized by security leaders with 89% of respondents in the Philippines saying logging in remotely for hybrid work has increased the likelihood of an occurrence of cybersecurity incidents.

Malware, phishing

This scenario is further complicated as employees are logging into work from multiple networks across their homes, local coffee shops, and even supermarkets. About 91% of respondents in the Philippines say their employees use at least two networks for logging into work, and 47% say their employees use more than five networks.

The report titled “My Location, My Device: Hybrid work’s new cybersecurity challenge,” surveyed 6,700 security professionals from 27 countries, including 150 security professionals from the Philippines. It highlights concerns of security professionals around the use of unregistered devices and potentially unsecured networks to access work platforms and the risks associated with such behaviors.

The use of unregistered devices is adding a new layer of challenge for security professionals as they tackle complexities in the current threat landscape. More than 7 out of 10 respondents (77%) in the Philippines said they had experienced a cybersecurity incident in the past 12 months. The top three types of attacks suffered were malware, phishing, and data leaks.

Costs of cyber incidents

Among those who suffered an incident, 69% said it cost them at least $100,000, and 38% said it cost them at least $500,000.

The report also found 85% of the security leaders in the Philippines stated that cybersecurity incidents are likely to disrupt their businesses in the next 12-24 months. The bright side is that they are gearing up to protect themselves from internal and external threats.

With the challenges well recognized, 87% of security leaders in the Philippines expect their organization to increase its cybersecurity budget by more than 10% over the next year, and 95% expect upgrades to IT infrastructure in the next 12-24 months.

“With hybrid work here to stay, it is crucial that Filipino organizations revisit their overall IT and security strategy to ensure that resilience is interwoven into the fabric of their business from the network to the endpoint and the cloud edge,” Nicart said. “People are a cornerstone of fostering this resilience. Organizations need to educate their people on the challenges that unregistered devices and unsecured connections pose to compromised credentials and cyber threats,”