Businesses are feeling more confident about securing hybrid work post-pandemic, according to new research from cybersecurity firm Thales.
Over eight-in-ten – 84% – of IT professionals in 2022 said they have “some degree” of confidence in their current user access security systems’ ability to enable remote work securely and easily, up from 56% in 2021.
In addition, 60% of these 2022 respondents said they were “highly confident” in the ability of these systems, compared to just 22% in 2021.
How are approaches to security changing?
The report notes some types of approaches to securing the organization are on the rise, with multi-factor authentication (MFA) adoption growing for internal and non-IT staff, increasing to 40% in 2022 compared to 34% in 2021.
However, widespread MFA adoption by businesses is still yet to be the norm according to the research with just over half (56%) having adopted MFA in their organizations.
The pandemic also reportedly impacted plans to deploy cloud-based access management, 45% of respondents worldwide plan to deploy this technology in 2022 compared to 41% in 2021 according to Thales.
The responses also revealed a 6% global increase in plans to deploy stand-alone MFA, up from 31% in 2021.
Garrett Bekker, Principal Analyst at 451 Research commented: “Just as the threat landscape has evolved, the tools and methods to handle the landscape have, too”.
“However, even with innovative tools and boosted confidence levels, security plans and approaches still need to adapt to the ever-changing threat environment”.
He added: “A greater shift towards a Zero Trust model would place access management in a central role in corporate security strategies, with a related reliance on MFA as a critical supporting enabler.”
Unfortunately, MFA alone can’t protect your business from harm 100% of the time.
Cybersecurity researchers from Sophos have highlighted that some bad actors are now stealing session cookies, which can allow them to bypass MFA as these tools perceive hackers as authenticated while they are using the stolen cookies.
According to Sophos, some of these cookies were being sold on the darknet black market Genesis.