Working from home, which has sustained businesses during the Covid-19 pandemic, now presents a burgeoning cybersecurity risk, with 83% of IT professionals polled in a new study warning that such hybrid work is a ticking time bomb for a network breach.
As IT teams tighten security around home workers to protect companies against possibly devastating breaches, WFH employees are starting to rebel as such restrictions can disrupt their work, causing burnout and frustration amongst security teams, according to the report from security company HP Wolf Security.
A hybrid working environment, or asynchronous working, has been accepted by most organisations as a permanent consequence of the pandemic. If given the chance, 60% of workers polled by cloud management platform Okta would choose to work in a blended environment, rising to 66% of those aged between 24 and 34. But allowing employees to remain in their home offices for half the week can present serious security issues, the HP Wolf study says. "Cybersecurity teams have been facing an uphill battle trying to secure the increasingly perimeter-less workplace" states the report.
These findings are backed up by other research carried out since the Covid-19 pandemic began. When asked by identity solutions provider Axiad which work applications cybersecurity professionals were especially worried about, phishing threats (71%) and malware, such as ransomware, (61%) emerged as the most significant new threat vectors concerning remote work environments.
Since moving to remote working there has been an increase in phishing, with attempted attacks reported by 66% of security professionals, continues the Axiad report. These far outweigh the next most common reports, of malware on devices (30%) and concerns over connecting personal devices (29%),
When the organisations who took part in the Axiad study were asked about the biggest impediments to scaling security to address the risk posed by the part-remote workforce, companies cited equipment, bandwidth restrictions and logistics of installing agents on personal devices as the main points of friction. The sheer volume of security measures can mean workers are beginning to resent them as they can slow work down or make it more complicated states the HP Wolf report. IT professionals "become burned out and dejected when their efforts are ignored," the authors say. "Building bridges between users and cybersecurity teams will play an important part in securing the future of work."
This can lead workers to rebel against restrictions, circumnavigating them to meet deadlines and other workplace demands. Not only does this put the company at a greater risk of a breach, but it also breeds confrontation between WFH workers and IT teams. Ninety-one per cent of IT teams have updated security policies to reflect the greater volume of home working, while 78% restricted access to websites and applications for security reasons. However, of those IT teams that imposed restrictions on user access to websites and applications, 93% said users had expressed frustration that these restrictions hamper their productivity, continues the HP Wolf report.
IT professionals often feel pressured to sacrifice safety for the sake of business continuity, a problem that appears particularly pronounced within the UK. These issues have become so commonplace that 83% of IT professionals believe home working has become a "ticking time bomb" for a network breach. More broadly, 80% of IT teams surveyed reported that they had experienced push back from workers who do not like controls being put on them at home: 18% of IT teams said they experience these sorts of complaints daily, with 22% receiving them every couple of days, and a further 27% experiencing them weekly.
Many users feel irritated and encumbered and thus rebellious when it comes to IT security, with many stepping outside of their security perimeters, continues the HP Wolf report. "This makes life harder for security teams who have been facing increasing pressure to defend their businesses, many feeling that a security breach is imminent as a result," it says.
Many cybersecurity teams feel they are fighting a losing battle, with 83% stating that trying to enforce corporate policies around cybersecurity is impossible now that the lines have become so blurred between personal and professional life. What's more, 80% say cybersecurity is becoming a "thankless task" as home users don't listen to advice.
Rather than continuously trying to improve imperfect systems, the Axiad report argues cybersecurity needs major restructuring. Seventy-eight per cent of organisations polled agree that it is critical for security tools to adapt to the changing digital environment. Such security policies and restrictions were built in times of emergency when working from home was the exception rather than the rule. Now cybersecurity must be viewed in a different light, states the HP Wolf report. "Successful CISOs are now recognising this; they are listening more to end-users and understanding how security impacts their workflow, to re-evaluate security based on the needs of both the business and the hybrid worker," it says.
Claudia Glover is a staff reporter on Tech Monitor.