According to a study by HP Wolf Security, 91% of IT teams feel under pressure to compromise security in favour of business continuity.
50% of the IT teams surveyed described this pressure as “significant”.
This pressure owes itself in part due to the pandemic, which required businesses to rapidly adapt to online technologies to survive. Because of this, higher-ups have been demanding IT teams simultaneously create shortcuts to enable innovation while heightening company security.
Such shortcuts often came at the expense of security, meaning IT teams were pressured to compromise this at a time where rates of cyber crime were higher than ever.
But another huge reason for this pressure is widespread apathy among workers towards following security measures.
This HP Wolf security study surveyed adults in the UK, US, Germany, Australia, Japan, Mexico and Canada who used to be office-based, and whose hours working from home had increased or stayed the same due to the pandemic.
Nearly half of office workers described essential security measures as wasting time, a statistic that rises to a shocking 64% among 18 to 24-year-olds.
31% of workers in this demographic confessed to bypassing corporate security policies in the drive to get their work done. 39% didn’t even know what their company's security policies were. And over half (54%) of this age group felt less worried about exposing their organisation to a data breach than they were about meeting deadlines.
48% of office workers in the 18 to 24 age bracket described security tools as a hindrance, with 31% in the drive to get their work done bypassing corporate security policies.
Because of this, 83% of IT teams believe the increase in home workers has created a “ticking time bomb” for a corporate network breach.
Especially since IT teams report businesses are facing a lengthy list of significant threats. 84% of respondents identified ransomware as a very significant risk.
Firmware attacks and unpatched vulnerabilities on laptops were also cited by 83% of respondents as critical. Account/device takeover, printer firmware attacks, data leakage and targeted attacks also had a high percentage of respondents citing them as a serious security risk.
Businesses are dealing with increasingly severe, frequent and innovative cyber attacks. This is a reality that has been heightened by the pandemic. Yet, the attitude internally within many businesses does not appear to recognise this reality.
Business convenience and continuity appears to trump security entirely in the minds of employees. With many outright dismissing or not fully understanding security risks altogether.
What studies like this should highlight to business leaders is the absolute necessity of educating your employees about cyber security, specifically on why it matters. Having rigid security policies that address both working in the office and from home mean nothing if your staff don’t see the point of following them.
With the stress and importance of meeting deadlines and fulfilling business obligations, it’s so easy for employees to begin to resent and disregard security policies that add additional time to them logging on and accessing software. Especially if those employees don’t fully understand why they need to follow them.
Educating your staff about cyber security isn’t just teaching them what protocols they must follow. It’s also contextualising those security protocols in the wider landscape of today’s cyber security risk.
Provide information that demonstrates that not only are businesses at a high risk of attacks, but also that such attacks have devastating consequences, which can include destroying the business itself.
In conclusion, CISOs need to invest time, money and care into comprehensive cyber security education for their employees.
A good place to start is educating your employees on healthy password behaviours, considering stolen, hacked or weak passwords remain one of the top causes of data breaches. And that the primary reason employees bypass these behaviours is out of convenience.
To test if you and your employees are avoiding the pitfalls of creating passwords above, take our password behaviour quiz.