According to a new survey, many employees working from home – particularly those under the age of 24 – see cybersecurity as a hindrance and have tried to bypass controls, posing a threat to organizations.
The report, released Thursday by HP Wolf Security, found almost half (48 per cent) of younger office workers who responded to an online survey view security tools as a hindrance, leading to nearly a third (31 per cent) trying to bypass corporate security to get their work done.
Employees increasingly feel frustrated by security restrictions while working-from-home, which is leading to rising tensions with IT teams and putting business security at risk, the report says.
Staff “expect things to work quickly and refuse to be encumbered, especially younger generations. As a result, cybersecurity teams have been facing an uphill battle trying to secure the increasingly perimeter-less workplace and become burned out and dejected when their efforts are ignored.
“Building bridges between users and cybersecurity teams will play an important part in securing the future of work,” it warns.
The report, entitled “Rebellions and Rejections,” is based on a global YouGov online survey of 8,443 office workers who shifted to working from home (WFH) during the pandemic, and a global survey of 1,100 IT decision-makers.
Key findings
Breaking out Canadian results, the survey found that just under 60 per cent of Canadian IT respondents said they have felt significant pressure to compromise security if it benefitted business continuity.
Sixty-four per cent of office workers surveyed were given no additional training on how to protect their home network. Geographical differences were striking, says the report. Respondents from the U.K. came in at the bottom, with only 23 per cent of employees receiving this type of training, compared to the U.S. (38 per cent) and Canada (44 per cent).
Among other findings
- 48 per cent of office workers surveyed agreed security measures result in a lot of wasted time – this rises to 64 per cent among those aged 18-24;
- 37 per cent of office workers said security policies and technologies are often too restrictive;
- 83 per cent of IT execs believe the increase in home workers has created a “ticking time bomb” for a corporate network breach;
- 80 per cent of IT execs said IT security has become a “thankless task” because nobody listens to them, with 69 per cent saying they are made to feel like the “bad guys” for imposing restrictions.
While the idea that there is friction between employees and cybersecurity teams is not new, the report acknowledges, it concludes these issues have been exacerbated by the pandemic, which has frayed relationships further and amplified the problem.
CISOs will have to tap into a broad range of skills to ensure that risk is communicated and understood so that it can be managed effectively, the report concluded. “Key to this will be ensuring that a positive security culture is rooted into the organization and embraced by all. Security processes will be designed with usability and business continuity in mind, while cybersecurity teams will be armed with the most advanced security tools to improve visibility and enable remote management. They will be positioned as security partners, not security enforcers.”