Fifty percent of organisations have increased cybersecurity and data protocols over the past two years but still struggle with compliance.
Manchester: Apricorn has announced new findings from the Apricorn 2022 Global IT Security Survey which revealed that organisations have adapted security policies to accommodate hybrid work, but they are still at risk due to employee compliance and lack of security awareness–particularly when data is on the move between work locations. In the survey, nearly 400 IT security practitioners across North America and Europe responded to questions about security practices and policies during remote/hybrid working conditions.
Eighty-one percent of respondents noted that remote working is now a standard practice within their organisation, with half of all respondents revisiting and updating data security policies and processes that they put in place two years ago when remote work programs were hastily deployed. The risk of moving of data between work locations was highlighted by the fact that the majority of respondents (82%) said that encryption should be required to secure USB storage devices, but only 34% say encryption is mandated within their organisations to protect data on the move.
Employee compliance is a concern survey respondents need to address. One-quarter admit that employees are aware of IT security policies for remote work but are not adhering to them. When remote policies are not followed, it is usually due to employees not prioritising security practices despite being informed about them (51.8%) or because they are using personal devices (40.16%). Additionally, employees may not be fully aware of the risks their activities pose to the company. Despite growing threats, only 27% of respondents say that employees believe they are at risk of being exploited by attackers to access company data and 72% believe that either they are adequately protected by existing protocols or they are too small to be a target.
“Now that organisations have settled in and have adapted to hybrid work environments, IT security depends on the culture of the company and employee compliance now more than ever,” said Kurt Markley, U.S. Managing Director, Apricorn. “IT security professionals shared that nearly three-fourths of remote employees don’t feel they are at risk of being targeted or successfully attacked. This demonstrates that there is a need for a stronger security culture among employees working outside of the corporate firewall. Protecting against cyber threats is not just an IT or security team issue – it’s a company issue”.
Opportunities to improve security culture within organisations are apparent. Eighty percent of organisations have changed their priorities in terms of compliance and security due to the pandemic. IT security professionals have expressed a desire for stronger security policies but those expectations aren't always being met. Almost 40% say their IT department does not have the tools to monitor and enforce policies. However, they are making progress where they can with 56% of organisations reinvesting in employee education while 83% have continually reinforced policies with employees.
“As organisations experience gaps in employee compliance, many are stepping up in terms of education which is key to elevating the culture of security in hybrid workplaces,” added Markley. “The trust employees have in their organisations’ security protocols is encouraging, but it’s important they do not get complacent. Hybrid work may be normalised, but cybersecurity threats are always evolving. Continued policy updates and employee education and buy-in will remain of critical importance to hybrid workforce data security.”
Background info:
Apricorn surveyed nearly 400 (397) IT security practitioners across the globe over a two week period from March 21 – April 4, 2022. The respondents are experienced or veteran IT security professionals: 83% of respondents have more than five years working in security IT, with 45% of them working in the field for 16 – 20 years. They cross the gamut of vertical industries, with the top five verticals representing healthcare (14%), IT (14%), Education (14%), Financial Services (10%) and Manufacturing (10%). With regard to their role in their organization’s IT decision making, 64% either help make the final decision or are the sole decision makers. Additionally, more than a third (34%) of respondents work at large organizations with more than 3,000 employees.