Two years into the pandemic, security teams are still struggling to secure remote devices and employees are still having trouble engaging in secure behavior.
That’s the key takeaway from a recent HP Wolf report based on a global YouGov online survey of 8,443 office workers who shifted to remote work during the pandemic, and a global survey of 1,100 IT decision makers conducted by Toluna.
When security and business continuity clash
There are many key findings from this survey, including a clash between security measures and the desire to keep businesses running amid the rapid shift to remote work. For example:
- 76% of IT teams polled admit security took a back seat to business continuity during the pandemic, while 91% felt pressure to compromise security if it benefitted business continuity.
- Almost half (48%) of younger office workers (18-24 years old) surveyed viewed security tools as a hindrance, leading to nearly a third (31%) trying to bypass corporate security policies to get their work done.
- 48% of office workers surveyed agreed that seemingly essential security measures result in a lot of wasted time – rising to 64% among those ages 18-24.
- Over half (54%) of 18–24-year-olds were more worried about meeting deadlines than exposing their organization to a data breach; 39% were unsure what their security policies say or are unaware if their company even has them – suggesting growing apathy or a lack of awareness among younger workers.
- As a result, 83% of IT teams surveyed believe the increase in home workers has created a “ticking time bomb” for a corporate network breach.
The survey results also illustrate how security controls can create friction for users and leave security teams feeling dejected:
- 80% of IT teams experienced objections from users who do not like controls being put on them at home; 67% of IT teams said they experience complaints about this weekly.
- 83% of IT teams said trying to set and enforce corporate policies around cybersecurity is impossible now because the lines between personal and professional lives are so blurred.
- 80% of IT teams said IT security was becoming a “thankless task” because nobody listens to them.
- 69% of IT teams said they are made to feel like the “bad guys” for imposing restrictions.
Turning the tide: It can be done
As dispiriting as many of these takeaways are, there are still myriad ways to improve organization security postures. Companies can implement security controls with transparency, usability, and digital transformation in mind. It’s also possible to build a collaborative security culture where conditions make it easier for employees to comply with security policies.
“To create a more collaborative security culture, we must engage and educate employees on the growing cybersecurity risks, while IT teams need to better understand how security impacts workflows and productivity. From here, security needs to be re-evaluated based on the needs of both the business and the hybrid worker,” said HP CISO Joanna Burkey.
Download the report: HP Wolf Security Rebellions & Rejections