Amid the chaos of early 2020, another pandemic was silently making its way across the globe at record speed. Cybercriminals reacted quickly to the fast-changing environment and chaos around them, adapting their tools and strategies to target new weaknesses in corporate and personal cybersecurity. Since then, global institutions have been grappling with the aftermath. However, dangerous hackers aren't the only threat. With more and more people now used to the seamlessness of remote work, many are deliberately or inadvertently bypassing critical workplace cybersecurity policies, something that is far easier to do at home than in the office. As a result, traditional cybersecurity teams feel like they’re fighting a losing battle.
However, there is reason to be optimistic about a more secure and prosperous future, which is compatible with a future in which we see more flexible working. To get there, cybersecurity teams must ensure that security is integrated into existing workflows as much as possible. To do this, we need new, unobtrusive and intuitive technologies.
Cybersecurity enables us to live our digital lives with confidence, from online banking to encrypted communications. However, in the workplace, we often regard it as a hindrance to productivity rather than a necessary safeguard. According to a research report by HP Wolf Security, more than a third of workers worldwide believe cybersecurity is a barrier to productivity and efficiency, with nearly half of 18-24-year-olds believing it is.
At least part of this attitude could be attributed to a lack of awareness and a general disinterest in all things related to security. Two fifths of 18-24-year-old employees are unsure of their company's data security practices. More than half indicated they are more concerned about meeting deadlines than exposing the company to a data breach. Meanwhile, nearly two-thirds of office workers said that they had had no further instruction on how to secure their home network.
The fact that this apathy is translating into high-risk activity is perhaps the most worrying aspect. Employees say security regulations and technologies are frequently overly restrictive, with nearly a fifth admitting to circumventing policies to get their work done faster — a figure that rises to 31 per cent among younger workers.
Cybersecurity experts are worried by these developments. After all, they're on the front line of the continuous war to defend intellectual property and private data. They can see the iceberg of a major security breach approaching in the distance, yet they feel unappreciated and unheard when they raise the alarm. In fact, 91 per cent reported that they felt compelled to sacrifice security to maintain a sense of company continuity.
As a result, most IT professionals feel torn between the necessity to protect their company from potentially catastrophic security breaches and the demands of users and managers to develop shortcuts. While 91 per cent of IT teams have adjusted security policies to accommodate the new remote workforce, 80 per cent report having experienced pushback from colleagues. Nonetheless, because of the large number of insecure remote working devices and infrastructure, uneducated users and cybercrime groups operating with impunity from hostile countries, the threat posed by serious dangers such as ransomware — malware that encrypts a user’s files to extract money from them — is particularly severe nowadays.
Worryingly, according to research, one out of every three security teams has suffered high stress during the pandemic, with more than a quarter believing it has harmed their ability to perform their duties. We can't afford to lose any more bright workers at a time when there are chronic cyber-skills shortages, rising risks and declining policy compliance.
Employees want easy-to-use security tools and fewer constraints. On the other hand, cybersecurity teams need to find a method of increasing both security and the awareness of their colleagues of the many dangers in the digital realm. If left uncontrolled, this type of conflict might spiral out of control. So, how can businesses strike an acceptable balance between efficiency and security? The key is to make working securely as simple as working insecurely.
In short, cybersecurity teams must adapt to the emerging hybrid and remote workplace. Security that is built-in rather than bolted onto laptops, PCs and printers can give a more seamless and less restrictive experience. Organisations can then add security services on top, such as those that can contain and isolate risks before they cause harm. Other tools can provide IT teams with remote management and the capacity to self-monitor and self-heal without the need for user engagement.
It's all about maximising security while reducing user annoyance. As we go towards the new era of hybrid working, this is the best strategy to keep IT teams and ordinary colleagues happy, flexible and productive.
