Organisations Facing Greater Risk of Ransomware Cyberattacks as More Workers Shop on Company-Owned Devices


Research launched today by Menlo Security, a leader in cloud security, reveals increased cybersecurity risks posed to employees and organisations during the 2021 Christmas shopping season. The new research – which surveyed 2,000 employed people in the United States and the United Kingdom – found that while employees are concerned about threats and are taking some measures to mitigate them, they often have false confidence in their security posture.

There are now more threats to corporate devices and networks than ever as hybrid work models blur the boundaries between work and home. More than half of respondents (53 per cent UK; 56 per cent US); reported performing non-work-related tasks – such as online shopping – on company devices. Furthermore, the survey found that 63 per cent of people in the UK (65 per cent US) are doing more online Christmas shopping in 2021 compared to previous years, and nearly half of respondents (45 per cent UK; 48 per cent US), reported shopping for gifts this festive season on a work-issued device such as a laptop or mobile phone.

Workers are also noticing a rise in cyber threats this festive season, with 48 per cent of respondents in the UK (58 per cent US) observing an increase in scams and fraudulent messages, exemplifying that threats are rampant worldwide. This is worrying many people, as the vast majority of respondents (80 per cent UK & US) report being somewhat to very concerned about their personal data being stolen while online shopping.

However, despite workers’ recognition and concern of cyber threats, 65 per cent of people (60 per cent US) still believe they’re secure from cyberthreats if they’re using a company device.

“Workers are becoming increasingly aware of the threats that loom while browsing the web, however they have a false sense of security about the level of protection they have when using corporate devices. As a result, they are unintentionally exposing their corporate networks to a slew of vulnerabilities,” said Mark Guntrip, senior director, cybersecurity strategy at Menlo Security. “More employees are using company-issued devices for not only work, but also personal tasks like shopping and banking, which is putting entire networks at risk of being breached. To mitigate this risky behaviour, organisations must make it a priority to adopt a Zero Trust security approach to prevent cyberattacks before they happen and ensure that they’re protected if they do fall victim to bad actors.”

Workers depend on laptops, mobile devices and the web to conduct work no matter where they’re located and many of these tasks are being done in the browser. The Menlo Security survey found that 70 per cent of people (76 per cent US) spend one or more hours in a browser each day conducting work tasks. An industry report from Forrester and Google found that business users spend 75 per cent of their workday either working in a web browser or attending virtual meetings – which is in turn making them susceptible to hackers who lurk on the web.

The research also shows that:

  • Employees are aware of potential threats: Out of various online threats, malware is the most recognised in both the US and UK (mentioned by 81 per cent of UK respondents and 76 per cent in the US) This was followed by ransomware, with 61 per cent of UK & US respondents reporting they are aware of this threat; credential phishing at 45 per cent UK & 40 per cent US; and HTML smuggling at 16 per cent UK & 19 per cent US. A total of 12 per cent of respondents (16 per cent US) were not familiar with any of these cyber-attack methods.

  • Employees are taking some measures to protect themselves: Strong passwords were the most popular protective measure reported by respondents globally (71 per cent UK; 75 per cent US.), and 58 per cent of people (59 per cent US) reported they are using anti-virus software to protect themselves when shopping online. Other protective measures include shopping only on websites of familiar retailers (55 per cent UK & US), confirming that URLs/emails do not have suspicious characters (37 per cent UK and 43 per cent US), checking for the lock next to a URL (46 per cent UK and 40 per cent U.S), and having a dedicated card for online shopping (20 per cent UK and 28 per cent US). Only 3 per cent (4 per cent US) claim that they do not take any of these protective measures while shopping online.

  • Generational trends impact shopping habits: The youngest workers (18-24 years old) most often reported an increase in Christmas shopping this season (79 per cent U.K; 76 per cent U.S). There was a lower percentage for each subsequent age group, with 71 per cent (68 per cent US) for those 35-44, and only 39 per cent (40 per cent US) for those over 65 years old. Younger generations may also be more attuned to cyber-threats, with younger groups more often reporting they have noticed an increase in scams/fraudulent messages.


Menlo Private Access

Menlo Security has a clientless-first approach to implementing Zero Trust Network Access, enabling organisations to secure access to applications from all devices – including managed, unmanaged, and mobile devices. This approach minimises the workload on IT and security for deployment, while maximising the security posture of the company. The clientless-first approach can be augmented with a client for use cases that specifically require client-based access.

Unlike many ZTNA solutions that cannot monitor traffic being sent and received between an end user and a controlled application, Menlo Private Access ensures that security policy is always enforced by remaining inline between the end user and protected applications; utilising our Elastic Isolation Core as a control point to prevent sensitive data loss and stop potential malware from reaching the endpoint.