The IT infrastructure of UK businesses continues to be at high risk of cyber-attacks as a result of home working, according to a new study by Kaspersky. IT leaders highlighted a disconnect between organizations and security vendors as a primary factor in this ongoing risk.
The survey of 240 CISOs and 2,000 UK workers showed that insecure staff behaviors remain prevalent nearly a year after the mass shift to remote working as a result of COVID-19. Over one-third of employees said they are less sure of their employers’ security measures whilst working from home, with a similar proportion believing their organizations’ security protocols are less important when working remotely. As a result, more than a quarter of staff have bypassed their employers’ security measures to download unauthorized software, and close to a third (30%) have connected to a mobile hotspot in order to get around security measures.
Security leaders appear to be aware of the scale of the problem, with almost three-quarters of CISOs surveyed recognizing that their employees are less likely to adhere to cybersecurity measures while working from home.
Interestingly, a substantial proportion of these security leaders pointed to a poor relationship with their cybersecurity vendors as a major reason for such insecure behaviors persisting. Almost six in 10 stated that they find it difficult to action the guidance provided by security vendors in relation to their business, while a similar proportion do not feel the information they receive from vendors is relevant to their organization in the first place.
Another stark finding from the survey was that 63% of security leaders found the information provided by vendors too complicated to even attempt to share with their staff, while 58% said they don’t believe vendors understand the threats their business faces.
David Emm, principal security researcher at Kaspersky, commented: “The fact that so many employees feel confident and safe enough to bypass the messages they’re being given by their employers is concerning. It would be easy to attribute the problem to this communication within enterprises, but we shouldn’t overlook the statistics relating to vendor understanding and messaging.
“If businesses and CISOs don’t feel they are receiving guidance and information that is tailored to their needs and resources, they’re less likely to translate the actual significance of cybersecurity to their colleagues. Given the ongoing reliance on remote working that we’re expecting in 2021, it’s vital that this relationship improves quickly.”