WFH is a cybersecurity "ticking time bomb," according to a new report

3 years ago 400

IT teams are experiencing worker pushback owed to distant enactment policies and galore consciousness similar cybersecurity is simply a "thankless task" and that they're the "bad guys" for implementing these rules.

data.jpg

GettyImages/Petri Oeschger

At the onset of COVID-19, companies astir the globe shifted to distant enactment connected abbreviated notice.  The revamped operations transformed the accepted workday and cybersecurity efforts for companies virtually overnight, starring to caller challenges for distant workers and IT teams. On Thursday, HP released an HP Wolf Security report titled "Rebellions & Rejection." The findings item worker pushback owed to institution cybersecurity policies and operational drawbacks for IT teams overseeing these networks.

"The information that workers are actively circumventing information should beryllium a interest for immoderate CISO – this is however breaches tin beryllium born," said Ian Pratt, planetary caput of information for idiosyncratic systems astatine HP, successful a property release. "If information is excessively cumbersome and weighs radical down, past radical volition find a mode astir it. Instead, information should acceptable arsenic overmuch arsenic imaginable into existing moving patterns and flows, with exertion that is unobtrusive, secure-by-design and user-intuitive."

SEE: Security incidental effect policy (TechRepublic Premium)

Remote work: A cybersecurity "ticking clip bomb"

During the archetypal displacement to distant operations, ensuring concern continuity took precedent for galore companies. At the aforesaid time, these caller operations besides presented information risks with distant workers logging connected from location connected a mixed container of idiosyncratic and institution devices.

According to the HP report, 76% of responsive IT teams said "security took a backmost spot to continuity during the pandemic," 91% felt "pressure to compromise information for concern continuity" and 83% judge distant enactment has "become a 'ticking clip bomb' for a web breach."

The power to distant enactment has besides led companies to follow caller policies regarding telecommuting with these rules ranging from location bureau requirements to net speeds and information standards. According to the HP report, virtually each responsive IT teams (91%) said they "updated information policies to relationship for WFH" and 78% "restricted entree to websites and applications."

"CISOs are dealing with expanding volume, velocity and severity of attacks. Their teams are having to enactment astir the timepiece to support the concern safe, portion facilitating wide integer translation with reduced visibility," said Joanna Burkey, CISO astatine HP, successful a property release. "Cybersecurity teams should nary longer beryllium burdened with the value of securing the concern solely connected their shoulders, cybersecurity is an end-to-end subject successful which everyone needs to engage."

Employee burnout: IT teams feeling dejected

The findings besides place "frustration" among bureau workers who consciousness these IT information restrictions impede their day-to-day workflows. For example, astir fractional of responsive bureau workers said "security measures effect successful a batch of wasted time," 37% thought "security policies and technologies are excessively restrictive," according to the report.

Interestingly, the property of distant workers whitethorn interaction their sentiments regarding institution information policies. According to the report, 48% of workers betwixt the ages of 18 and 24 judge "security policies are a hindrance" and 54% were "more disquieted astir deadlines than exposing the concern to a information breach" and 39% were unsure of their company's information cybersecurity policy.

SEE: How to negociate passwords: Best practices and information tips (free PDF) (TechRepublic)

In the IT space, playing the relation of web information constabulary amid a distant enactment experimentation astatine standard comes with tons of reddish portion and nary shortage of drawbacks. According to the report, 80% of responsive IT teams said they "experienced pushback from workers who bash not similar controls being enactment connected them astatine location with astonishing frequency" and 69% said "they're made to consciousness similar the 'bad guys' for imposing restrictions connected employees" and 80% felt IT cybersecurity has "become a 'thankless task.'"

"To make a much collaborative information culture, we indispensable prosecute and amended employees connected the increasing cybersecurity risks, portion IT teams request to amended recognize however information impacts workflows and productivity," Burkey said. "From here, information needs to beryllium re-evaluated based connected the needs of some the concern and the hybrid worker."

Remote web information threats

Over the past year, cybersecurity attacks person surged with the power to distant work. A information of the study highlights IT perceptions regarding the menace level of assorted cyberattack methods arsenic employees "increasingly" telecommute connected networks with imaginable information issues. Ransomware topped the database (84%) followed by laptop- and PC-focused firmware attacks (83%), unpatched devices with exploited vulnerabilities (83%) and information leakage (82%), successful order.

"Man-in-the-middle attacks" and account/device takeovers (81%), IoT threats (79%), targeted attacks (77%) and printer-focused firmware attacks (76%) circular retired the apical 8 perceived threats.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also spot

Read Entire Article