9 in 10 IT teams feel pressure to compromise security for business continuity
Over three-quarters (76 per cent) of IT teams admit security has taken a backseat to business continuity amid the COVID-19 pandemic.
And 91 per cent have felt pressure to compromise security for business continuity, according to a report from HP.
A further 83 per cent believe the increase in home workers has created a “ticking time bomb” for a corporate network breach.
Nearly nine in 10 (86 per cent) of tech leaders suffered a cybersecurity breach in 2020, according to another report.
‘Wasted time’
Part of the challenge may be that 48 per cent of office workers say that seemingly essential security measures result in a lot of wasted time. This rises to 64 per cent among employees aged 18-24. Also, 48 per cent of this age group view security tools as a hindrance, and 31 per cent admit to trying to bypass corporate security policies to get their work done.
More than half (54 per cent) of 18- to 24-year-olds are more worried about meeting deadlines than exposing their organization to a data breach. And 39 per cent are unsure what their security policies say, or are unaware if their company even has them, according to the HP report based on two surveys: a global online survey of 8,443 office workers who shifted to work from home during the pandemic and a global survey of 1,100 IT decision-makers.
“The fact that workers are actively circumventing security should be a worry for any CISO – this is how breaches can be born. If security is too cumbersome and weighs people down, then people will find a way around it,” says Ian Pratt, global head of security for personal systems at HP.
“Instead, security should fit as much as possible into existing working patterns and flows, with technology that is unobtrusive, secure-by-design and user-intuitive. Ultimately, we need to make it as easy to work securely as it is to work insecurely, and we can do this by building security into systems from the ground up.”
Many Canadian companies cut back on IT spending in favour of urgent operational expenses, despite heightened security threats resulting from the shift to remote work, according to a report released in February.
Work from home security
To address the cyber security threat with people working from home, 91 per cent of IT teams have updated security policies and 78 per cent have restricted access to websites and applications.
This, however, has created more friction between them and other workers as 37 per cent of office workers say security policies and technologies are often too restrictive.
Eight in 10 (80 per cent) of IT teams have received resistance from workers who do not like controls being put on them at home, and 67 per cent say they experience complaints about this weekly.
This has brought on another layer of burden for IT teams. Eighty-three per cent say trying to set and enforce corporate policies around cybersecurity is impossible now the lines between personal and professional lives are so blurred. Eighty per cent say IT security is becoming a “thankless task” because nobody listens to them and 69 per cent say they are made to feel like the “bad guys” for imposing restrictions.
“To create a more collaborative security culture, we must engage and educate employees on the growing cybersecurity risks, while IT teams need to better understand how security impacts workflows and productivity,” says Joanna Burkey, chief information security officer at HP. “From here, security needs to be re-evaluated based on the needs of both the business and the hybrid worker.”
It’s also important to update remote workers’ cybersecurity training, according to Iconic IT.
“Require every employee to attend an online cybersecurity awareness training that focuses on the risks of working from home. Employees tend to be a little laxer on security when working from home; a cybersecurity class can remind them of the importance of staying vigilant.”