Lockdown Security Apathy Could Be A Big Risk

Uploaded on 2020-05-01 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare, TECHNOLOGY--Resilience

More than half (57 percent) of UK IT decision makers still believe that remote workers will expose their organisation to the risk of a data breach and this figure has increased steadily from 44 percent in 2018 and 50 percent in 2019. These figures are from the current  IT Security Survey from Apricorn

Apathy over cyber security continues to be a major problem, with just over a third (34 percent) of IT leaders saying their remote workers simply don’t care about security, exactly the same percentage as last year, which suggests organisations are struggling to get employees to buy into the security strategy. 

The rise could reflect a corresponding increase in the number of people working remotely, or an enhanced awareness of the risks of doing so as the UK's workforce began to follow government guidelines to work from home. 

The 2020 research study was conducted by Censuswide. Respondents were 100 UK IT decision-makers (CIOs, heads of IT, IT directors and senior IT managers, etc) from enterprise organisations (with 1000-plus employees) within the financial services, IT, manufacturing, business and professional services sectors.

In 2019 almost half of respondents (47 percent) admitted that their remote workers had already knowingly put corporate data at risk of a breach in the last year; this has now dropped slightly to 44 percent. The Survey was commissioned by Apricorn and conducted between 25 and 27 March 2020.

Presenting the 2020 Survet results Apricorn's Managing Director, Jon Fielding  says: “This year, the need for organisations to facilitate effective and secure remote working has been cast into the spotlight to an extent no-one could have anticipated... Our survey shows that while progress has been made in some key areas since 2019, some of the same risks, such as employee apathy or error, remain a problem. In these currently challenging times, when UK workers are being urged to work from home, it’s all the more important that security is a priority for everyone.”

Organisations have increasingly recognised the importance of endpoint control as remote working has become more prevalent.

Nearly all (96 percent) mitigate the risks of BYOD (bring your own device) with a security strategy that covers employees’ use of their own IT equipment out of the office. Of those, 42 percent only allow the use of devices that have been provisioned or approved by IT, and enforce this with strict security measures. This is a significant rise on 2019, when just over 1 in 10 (11 percent) did so.  This change is crucial given that lost or misplaced devices is now the second biggest cause of a data breach, cited by almost a quarter of respondents (24 percent), up from 17 percent a year ago. 

Employees are unintentionally putting data at risk and this remains the leading cause (33 percent), with third parties mishandling corporate information cited as one of the main causes by 23 percent.

Despite this, the majority (87 percent) of UK IT decision makers agree that their organisations’ remote workers are aware of cybersecurity risks and practices, and follow required policies at all times. “Remote working is not a new concept, but with so many employees now having had a taste for home working, it might be hard for businesses to put that particular lid back on, so they need to figure out where their vulnerabilities lie now, and address them,” Fielding said.

When it comes to the challenges of implementing a cybersecurity plan for remote working, almost a fifth of IT decision makers (19 per cent) say managing all the technology employees need is the biggest problem, a drop from 30 percent in 2019, which suggests that organisations are getting a handle on the complexity involved in the technology aspect.

Fewer IT leaders believe that difficulties with GDPR compliance is the biggest problem with mobile working: 16 percent agreed, compared with 20 percent in 2019, suggesting that this aspect may have been less of a challenge than they originally anticipated.

Apricorn:         FSMatters:       Fudzilla:        ResponseSource:

You Might Also Read:

Every Single Employee Requires Cyber Security Training:

For advice and recommendations about cybersecurity training  please contact Cyber Security Intelligence.

 

 

 

 

 

« Quantum Computing Has Far Reaching Effects On Security
British Government Advice Threatens Your Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

SI-CERT

SI-CERT

SI-CERT (Slovenian Computer Emergency Response Team) is the national cyber scurity incident response center for Slovenia.

Cigniti Technologies

Cigniti Technologies

Cigniti Technologies provides Independent Software Testing (IST) Services including software security testing.

Hedgehog Security

Hedgehog Security

The key objective of Hedgehog is to provide simple, effective and affordable information security improvements that support your drive to increase productivity and profitability.

Canadian Institute for Cybersecurity (CIC)

Canadian Institute for Cybersecurity (CIC)

The Canadian Institute for Cybersecurity (CIC) is a comprehensive multidisciplinary training, research and development, and entrepreneurial unit.

Cybersecurity Collaboration Forum

Cybersecurity Collaboration Forum

The mission of the Cybersecurity Collaboration Forum is to foster information security communication and idea sharing across the C-Suite, enabling leaders to better protect their enterprises.

CPP Group UK

CPP Group UK

CPP Group UK develops products to help insurers add further value to their products and services through its innovative suite of new products in FinTech, InsurTech and cyber security.

Perch Security

Perch Security

Perch is a co-managed threat detection and response platform backed by an in-house Security Operations Center (SOC).

TXOne Networks

TXOne Networks

TXOne Networks offer cybersecurity solutions to protect your industrial control systems to ensure their reliability and safety from cyberattacks.

Cymptom

Cymptom

At Cymptom our purpose is to enable security managers to see at a glance all urgently risky gaps  in their organizations’ security posture at any given moment.

IntelliDyne

IntelliDyne

IntelliDyne is a leading information technology consulting firm enabling better mission performance through innovative technology solutions.

Silent Quadrant

Silent Quadrant

Silent Quadrant delivers incomparable cybersecurity consulting, digital transformation, and risk management within our purpose-driven clients - empowering them to be the most resilient entities.

DarkFeed

DarkFeed

DarkFeed is a Threat Intelligence provider that monitors the darknet in real-time, where hackers and Cyber criminals are most active.

ANSSI Burkina Faso

ANSSI Burkina Faso

ANSSI is responsible for managing the security of information systems and cyberspace in Burkina Faso.

Vultara

Vultara

Vultara provides web-based product security risk management tools for electronics manufacturers.

Sensity

Sensity

Sensity is a company that offers an AI-driven solution to detect and verify deepfakes and other forms of identity fraud.

ESProfiler

ESProfiler

Enterprise Security Profiler. Empowering CISOs with clarity & confidence in their security programme by visualising capabilities, usage and spend against their key threat priorities.