- An overwhelming majority of information technology teams say they have been pressured to compromise security because remote workers have pushed back against company policies in favor of promoting business continuity, according to a report from HP Wolf Security, a unit of HP Inc, released Thursday.
- More than nine in 10 IT teams felt pressure to compromise security in favor of business continuity, while three-quarters of IT teams admit that security took a back seat to business continuity. The report is based on a YouGov online survey of 8,443 workers, who began working from home during the COVID-19 pandemic, combined with a survey of 1,100 international IT decision makers that was conducted by Toluna.
- The backlash was fueled by younger workers aged 18-24, as 64% of them said essential security measures created a lot of wasted time. More than half of those workers were more concerned with meeting deadlines than protecting companies from a data breach.
Workers consider corporate security rules as stifling their ability to get work done, despite the widely publicized ransomware attacks against U.S. companies in recent months.
The report found 37% of office workers said security policies and technologies are often too restrictive.
Workers see certain rules as particularly onerous, Joanna Burkey, chief information security officer at HP, said via email. For example, Burkey cited rules such as the need for extra logins, or not allowing employees to email files to themselves to continue to work offline.
The resistance from remote workers has created morale problems for many IT officials, according to the research. For example, 83% of IT teams say enforcing cybersecurity policies is impossible due to the lines blurring between professional and personal lives of home-based workers.
About 80% of IT teams surveyed said IT security has become a "thankless task" because they are not being listened to by anyone.
IT teams are sending out a warning regarding the blowback against security protocols, with 83% saying the increase in home-based workers is creating a "ticking time bomb" that could lead to a network data breach.
Endpoint security is a major concern when you have home-based workers, as malware is often delivered using email attachments, web links and downloadable files, according to Ian Pratt, global head of security for personal systems at HP.
"Phishing is of particular concern, with attackers using new techniques to make phishing attempts even more successful, such as AI-automated spear phishing, where an attacker tailored their lures to a specific individual or group," Pratt said.
Another risk is thread-jacking, where employee email accounts are hijacked and malware is spread by responding within specific conversation threads, making it more likely individuals will open a link or attached file, according to Pratt.
The report comes at a sensitive time for U.S. corporations, when many companies have been planning to return workers to the office, only to delay some of those plans due to the outbreak of the Delta variant. Information security staff have been under extreme pressure in recent months due to a wave of sophisticated cyberattacks, ranging from the 2020 nation-state attack against SolarWinds, to more recent ransomware attacks against Colonial Pipeline and meatpacking giant JBS USA.