Latest News

API Vulnerabilities Heat Up: ThreatX Survey Uncovers More Than Half of Employees Rely on Personal Mobile Devices For Work During Summer Months

Survey reveals 33% of employees in the US and UK are less likely to worry about cybersecurity best practices while working in the summer; 38% admit not updating employers when working from new locations

New research released today from ThreatX, the leading API and application protection platform, reveals that IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months when more employees are often traveling or working remotely. With more endpoints and applications in use, and often personal rather than corporate issued, the risk to corporate data may increase. Given APIs are the driving force behind these connections, the study reinforces the need for prioritizing API and application security.

ThreatX surveyed 2,000 consumers across the US and UK to assess whether employees’ behaviors during the summer are inadvertently increasing API and application risk. More than half (55%) of employees admit to relying solely on their mobile devices while working from vacation and holiday destinations in the summer. Further, 25% claim that they aren’t concerned about ensuring network connections are secure when accessing company data, and only 12% use a VPN when traveling and working remotely.

The results show that employees increasingly rely on personal devices to access corporate data during the summer, which could open the door to cyber criminals seeking to penetrate corporate networks. And with 38% of respondents neglecting to notify their employers when working from new locations while traveling, it becomes harder for IT teams to monitor BYOD policies and application usage.

“The summer months lead to increased cybersecurity risks as employees’ behaviors shift and as cyber hygiene becomes laxer. Factors such as increased remote work and travel, and even employees’ children using parents’ devices to browse the internet and play games, all can potentially expose corporate data through attacked APIs,” said Jeremy Ventura, Director, Security Strategy & Field CISO at ThreatX. “To avoid this, it’s important organizations strengthen the visibility and security by tracking, monitoring, and uncovering vulnerable API and applications.”

The report also presents several notable findings:

• Younger employees are most likely to use mobile devices for work: when traveling or working remotely, 67% of Millennial employees (compared to 55% overall) said they depend on their personal mobile devices to work. This signals that the younger generations who make up the largest percentage of today’s workforce, are increasingly relying on their personal mobile devices to work, which poses more risk to an organization’s security.

• Organizations need summer security trainings: 45% of employees in the US and UK said no specific measures to educate and remind employees on security best practices are taken during the summer, with only 24% of UK respondents receiving access to online cybersecurity trainings and guides and even less (17%) in the US.

• US and UK employees have very similar summer behaviors: Both admitted to using public or local WiFi or cellular data most (51% in US, 47% in UK) when working from different locations, and both were only somewhat concerned about the security risks of doing so when accessing corporate data (34% in US, 36% in UK).

The findings from ThreatX’s survey highlight a cybersecurity gap with potentially harmful ramifications during summer work months. The exploitation of the zero-day attack on Zellis by way of the MOVEit file transfer tool over Memorial Day Weekend is just one example of the ways in which bad actors attack organizations during holiday and summer months as security resources soften. Enterprises need to prevent future breaches via vulnerable APIs by implementing enhanced security measures that deploy always-on threat monitoring for suspicious activity and develop a security best practice guide that’s regularly updated, instilling a heightened awareness across threats during summer months.

For more information about ThreatX, please visit: https://www.threatx.com/.

About the Survey
ThreatX partnered with Dynata, an all-in-one solution for insights, activation and measurement to create, deploy and analyze this topic. The survey was compiled of 2,000 respondents, including 1,000 US-based and 1,000 UK-based consumers ages 21+. The survey took place between May 25 through June 2, 2023.

About ThreatX
ThreatX is managed API and application protection that lets you secure them with confidence, not complexity. It blocks botnets and advanced attacks in real time, letting enterprises keep attackers at bay without lifting a finger. Trusted by companies in every industry across the globe, ThreatX profiles attackers and blocks advanced risks to protect APIs and applications 24/7. Learn more at https://www.threatx.com.