A new report from HP Wolf Security revealed that IT teams have been forced into compromising security for business continuity at a time of rising threats. The Rebellions & Rejections report combines data from a global YouGov online survey of 8,443 office workers who shifted to working from home (WFH) during the pandemic and a global survey of 1,100 IT decision makers, conducted by Toluna. It reveals tension between IT teams and employees that security leaders must resolve in order to secure the future of work.
HP Wolf Security Survey Reveals Cybersecurity Rebellions and Rejections
The findings show that security teams' attempts to increase or update security measures for remote workers have often been rejected. This is particularly true for the future workforce of 18-24-year-olds – digital natives who feel increasingly frustrated with security getting in the way of deadlines, leading many to circumvent controls, according to the survey.
In fact, 76% of IT teams admit security took a backseat to business continuity during the pandemic, while 91% felt pressure to compromise security for business continuity. Almost half (48%) of younger office workers (18-24 years old) surveyed viewed security tools as a hindrance, leading to nearly a third (31%) trying to bypass corporate security policies to get their work done, the results showed.
Almost half (48%) of office workers surveyed agreed that seemingly essential security measures result in a lot of wasted time – this rises to 64% among those ages 18-24. More than half (54%) of 18–24-year-olds were more worried about meeting deadlines than exposing their organization to a data breach; 39% were unsure what their security policies say, or were unaware whether their company even has them – suggesting a growing level of apathy among younger workers, according to the survey. As a result, 83% of IT teams believe the increase in home workers has created a “ticking time bomb” for a corporate network breach.
Security Teams Feel Dejected and Rejected
The report highlights that many security teams have made efforts to curb user behavior to keep data safe. The survey revealed that 91% of security teams have updated security policies to account for the rise in working from home, while 78% have restricted access to websites and applications. However, these controls often create friction for users, who resent the controls and push back on IT, leaving security teams feeling dejected and rejected, according to the survey.
More than one-third (37%) of office workers surveyed said security policies and technologies are often too restrictive. The vast majority (80%) of IT teams experienced pushback from users who do not like controls being put on them at home; 67% of IT teams said they experience complaints about this weekly. According to 83% of IT teams, trying to set and enforce corporate policies around cybersecurity is impossible now that the lines between personal and professional lives are so blurred. And 80% of IT teams responding to the survey said IT security was becoming a “thankless task” because nobody listens to them, while 69% of IT teams said they are made to feel like the “bad guys” for imposing restrictions.
Rebellions and Rejections: How Breaches are Born
“The fact that workers are actively circumventing security should be a worry for any CISO – this is how breaches can be born,” said Ian Pratt, global head of security for personal systems, HP Inc. “If security is too cumbersome and weighs people down, then people will find a way around it. Instead, security should fit as much as possible into existing working patterns and flows, with technology that is unobtrusive, secure-by-design and user-intuitive. Ultimately, we need to make it as easy to work securely as it is to work insecurely, and we can do this by building security into systems from the ground up.”
“CISOs are dealing with increasing volume, velocity and severity of attacks,” said Joanna Burkey, CISO, HP Inc. “Their teams are having to work around the clock to keep the business safe, while facilitating mass digital transformation with reduced visibility. Cybersecurity teams should no longer be burdened with the weight of securing the business solely on their shoulders; cybersecurity is an end-to-end discipline in which everyone needs to engage. To create a more collaborative security culture, we must engage and educate employees on the growing cybersecurity risks, while IT teams need to better understand how security impacts workflows and productivity. From here, security needs to be re-evaluated based on the needs of both the business and the hybrid worker.”