Amidst the chaos of early 2020, another pandemic was silently making its way across the globe. Always ready to adapt their tools and tactics, cybercriminals reacted with speed to the rapidly evolving world around them to exploit new gaps in corporate cybersecurity. Global organizations have been dealing with the fallout ever since. But malicious hackers are not the only threat. New user expectations around seamless remote working are leading many to try and bypass critical security policies. As a result, cybersecurity teams feel like they're fighting a losing battle.
Yet there is hope for a more secure and productive future. To get there, cybersecurity teams must ensure security fits as much as possible into existing workflows and patterns. To do this, technology that is unobtrusive, secure by design, and user intuitive are needed.
From User Friction to Outright Rebellion
Cybersecurity is an enabler. From online banking to encrypted chats, it helps us to live our digital lives with confidence. But in the corporate sphere we often think about it differently — as a blocker to productivity rather than a much-needed guardrail. According to a study by HP Wolf Security, more than a third (34%) of global workers claimed they see cybersecurity as a hindrance, rising to nearly half (48%) among 18–24-year-olds.
At least part of this attitude may spring from a lack of awareness and general disengagement from all things security. Two-fifths (39%) of 18–24-year-old employees are unsure of existing data security policies at their work. More than half (54%) said they are more worried about deadlines than exposing the organization to a data breach. Meanwhile, nearly two-thirds (64%) of office workers told us they were given no additional training on how to protect their home network.
Perhaps most concerning of all is that this user apathy is translating into high-risk behavior that could put countless organizations in harm's way. Some 37% of employees believe security policies and technologies are often too restrictive, and 16% admit to bypassing policies to get their work done more easily, rising to 31% among younger workers.
IT Teams Stuck in the Middle
Cybersecurity professionals understand these trends very well. After all, they're working on the front lines every single day in the ongoing battle to protect corporate IP and data. They can see the iceberg of a serious security breach looming dead ahead but feel undervalued and unheard when raising the alarm. In fact, the vast majority (91%) felt pressured to compromise security to facilitate business continuity.
As a result, most feel they're caught between the need to secure their organization from potentially catastrophic breaches, and the demands of users and managers to create shortcuts. While 91% of IT teams have updated security policies to account for the new distributed workforce, 80% have experienced pushback from users. The same number now claim that IT security has become a thankless task.
Most are understandably sick of being treated as the bad guys, despite mounting levels of cyber-risk. The threat from ransomware is particularly acute today — thanks to the large number of unsecured remote working devices and infrastructure, untrained users, and cybercrime groups operating with impunity from hostile nations.
Worryingly, research tells us that one in three security teams have experienced extreme stress during the pandemic and more than a quarter believe this has affected their ability to do their job. At a time of chronic cyber-skills shortages, mounting threats and reduced policy compliance, we can't afford to lose any more talented professionals.
The Right Tools
Employees are craving user-friendly security tools and eased restrictions, but cybersecurity teams need to find a way to reduce the burden of security and improve visibility into threats. If left unchecked, this kind of friction and risk could escalate to titanic proportions. So how can organizations find an acceptable middle ground between productivity and security? The key is making it as easy to work securely as it is to work insecurely.
This involves cybersecurity teams adapting to the hybrid workplace and seeking out new levels of endpoint protection rooted in zero-trust principles that are as unobtrusive as possible to avoid end-user circumvention. Embedding nonintrusive security technology into the endpoint will go a long way to providing users with a better security experience while also protecting the business.
All endpoint devices with security built-in rather than bolted on can provide a more seamless and less restrictive end-user experience. From here, organizations can layer security services on top, such as those that can contain and isolate critical threats before they have a chance to do any damage. Other tools can offer remote management for IT teams and the ability to self-monitor and self-heal without user interaction.
It's all about optimizing security while minimizing user friction. That's the way to keep IT teams and end users happy and productive as we settle into the new era of hybrid working.