Hybrid workers are still causing major security headaches

Phishing
(Image credit: Vektor Illustration/Shutterstock)

With the majority of business owners finding it more difficult to defend against cyber-threats compared to the pre-pandemic period, hybrid workers have once again been blamed for cybersecurity headaches. 

A new survey from endpoint management provider Tanium  found that employees are the “main cause” of avoidable security incidents. 

More precisely - employees clicking on links and attachments sent in phishing emails.

Avoidable incidents

According to Tanium, more than half (54%) of the respondents have had their staff interact with malicious content sent via email, making it the most common facilitator of cyberattacks. In public sector organizations, 64% found avoidable security incidents caused this way. What’s more, 71% of business owners claim it’s more difficult to defend against threats, with the introduction of hybrid workers (following the pandemic).

The second-highest avoidable incident (50%) is security misconfiguration, including things like poor password hygiene, or employees outright failing to protect sensitive data with any form of credentials. 

Tanium also says that things would be a lot better if these firms had the right assets. The third most common avoidable incident is the lack of cybersecurity software that can prevent cyberattacks (47%). In fact, some companies fail to use even the most mainstream cybersecurity tools, it added. For example, only 19% use web vulnerability scanning, 17% use penetration testing software, and 11% have used packet sniffers for at least five years.

Going forward, most organizations will look to defend themselves by investing in threat detection and endpoint security a bit more. Almost half (49%) will focus on threat detection next year, while just slightly less (46%) will focus on endpoint security. Finally, the third-highest area of planned investment is in data recovery and backup tools (45%).

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
Fraude en ligne phishing
Phishing clicks nearly tripled in 2024 as criminals aim for smarter attacks
person at a computer
Many workers are overconfident at spotting phishing attacks
Phishing
Corporate executives are being increasingly targeted by AI phishing scams
A padlock resting on a keyboard.
AI-powered cyber threats demand enhanced security awareness for SMEs and supply chains
A digital representation of a lock
Exploits on the rise: How defenders can combat sophisticated threat actors
Latest in Security
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Latest in News
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Gemini on a smartphone.
Gemini 2.5 is now available for Advanced users and it seriously improves Google’s AI reasoning