Less than half of UK organizations have adapted cyber security processes to match changes in remote working
- Published: Tuesday, 07 September 2021 08:50
The majority of surveyed UK organizations are relying on employee education rather than wider strategy changes to meet the challenges of today’s remote work scenarios. According to research by ManageEngine, 67 percent of organizations raised employee awareness around security threats and 66 percent provided training on cyber security.
However, according to ManageEngine’s Digital Readiness Survey, which polled more than 300 IT professionals in the UK, employees don’t appear to be fully engaged with these best-practice initiatives and less than half (47 percent) of organizations have adapted their organizational security strategy, either by introducing new solutions or configuring the existing architecture to reflect the changing ecosystem, despite the litany of concerns while dealing with a remote workforce. Even fewer monitor employee devices to ensure their security, with only 42 percent doing so.
In addition, 76 percent of IT purchases are being made without direct approval from IT teams, creating a disconnect between them and other departments and opening the organization up to security vulnerabilities from unpatched software.
With 95 percent of companies planning to continue supporting remote workers for at least the next two years, determining how to adapt and enforce security strategies is critical given the rise in security threats. Almost half (45 percent) of organizations have experienced an increase in phishing, followed by increases in account hijacking (38%), social media-based attacks (36 percent) and endpoint network attacks (34 percent).
Key to tackling these emerging threats upfront is placing a renewed focus on the consultative role of the IT department and its leadership within the organization, according to Chris Windley, Chairman and CEO of the Cyber Security Association. Speaking at ManageEngine’s recent Digital Readiness Roundtable, Windley commented, “The level in which IT is embedded within the wider organization still varies depending on the business. This disconnect, in terms of level of authority and lack of sufficient operating budget, is leading IT professionals to become ‘yes/no people’ as opposed to informed consultants to other teams. There needs to be a more collaborative approach in terms of how the IT team works with the business as a whole, and how it enables access to the right tools and software to ensure cyber and data security, and integrity.”