Over 90% of IT teams feel pressure to compromise security: Report

The HP Wolf Security Rebellions & Rejections report underscores the conflict that security executives must overcome between IT teams and workers working from home (WFH) to safeguard the future of work.

The findings reveal that IT teams have been compelled to compromise security to ensure business continuity. Worse, their efforts to improve or update security measures for remote workers have frequently been denied. This is especially true for the future workforce of 18-24-year-olds — digital natives who are increasingly frustrated with security impeding deadlines, prompting many to circumvent controls.

The new HP Wolf Security report combines data from a global YouGov online survey of 8,443 office workers who shifted to WFH during the pandemic and a global study of 1,100 IT decision-makers conducted by Toluna. Key findings include:

76 per cent of IT teams admit security took a backseat to business continuity during the pandemic, while 91 per cent felt pressure to compromise safety for business continuity.

48 per cent of office workers surveyed agreed that seemingly essential security measures result in much wasted time – this rises to 64 per cent among those ages 18-24.

Over half (54 per cent) of 18–24-year-olds were more worried about meeting deadlines than exposing their organisation to a data breach; 39 per cent were unsure what their security policies say or are unaware if their company even has them – suggesting a growing level of apathy among younger workers.

Our latest HP Wolf Security report, Rebellions and Rejections, examines how businesses globally face security challenges caused by the shift to remote work, including user friction, poor security culture, and a lack of endpoint visibility.https://t.co/OyLB5LVXuL pic.twitter.com/zEyt9QqK5X

— HP Wolf Security (@hpsecurity) September 9, 2021

As a result, 83 per cent of IT teams believe the increase in home workers has created a “ticking time bomb” for a corporate network breach.

“The fact that workers are actively circumventing security should be a worry for any CISO – this is how breaches can be born,” comments Ian Pratt, global head of security for personal systems, HP. “If security is too cumbersome and weighs people down, then people will find a way around it. Instead, security should fit as much as possible into existing working patterns and flows, with technology that is unobtrusive, secure-by-design and user-intuitive. Ultimately, we need to make it as easy to work securely as it is to work insecurely, and we can do this by building security into systems from the ground up.”

The report highlights that many security teams have made efforts to curb user behaviour to keep data safe. Ninety-one per cent have updated security policies to account for the rise in working from home, while 78 per cent have restricted access to websites and applications. However, these controls often create friction for users, who resent and push back on IT, leaving security teams feeling dejected and rejected.

“CISOs are dealing with increasing volume, velocity and severity of attacks,” comments Joanna Burkey, CISO, HP. “Their teams are having to work around the clock to keep the business safe while facilitating mass digital transformation with reduced visibility. Cybersecurity teams should no longer be burdened with the weight of securing the business solely on their shoulders; cybersecurity is an end-to-end discipline in which everyone needs to engage.”

Burkey continues: “To create a more collaborative security culture, we must engage and educate employees on the growing cybersecurity risks, while IT teams need to understand better how security impacts workflows and productivity. From here, security needs to be re-evaluated based on the needs of both the business and the hybrid worker.”

HP is helping organisations to secure the hybrid workplace by delivering transparent and unobtrusive endpoint security. With HP Wolf Security, organisations benefit from robust, built-in protection from the silicon to the cloud and BIOS to the browser. It enables Cybersecurity teams to deliver user-friendly tools and help ease restrictions while also providing defence-in-depth and enhanced protection, privacy, and threat intelligence, gathering data at the endpoint to help protect the business at large.

Recently, HP Wolf Security unveiled the results of a global study of 1,100 IT Decision Makers (ITDMs), which looked into their worries about growing nation-state threats. 72 per cent of respondents said they worry that nation-state tools and techniques could filter through to the darknet and be used to attack their business. Such fears, according to HP, are well-founded. In recent months, evidence has emerged that techniques deployed in the SolarWinds supply chain attack have already been adopted by ransomware gangs – a trend likely to continue.

Read: Global IT executives fear trickle-down of nation state cyberattacks