- Companies in the U.S. and U.K. overestimated their ability to handle remote work, with 73% reporting new challenges in IT security, according to research from endpoint management firm Tanium in partnership with PSB Insights. The firms surveyed 500 IT decision-makers in the U.S and U.K.
- Companies in the U.S. and U.K. have observed a string of risky cyber practices by remote workers, ranging from clicking on phishing emails to storage of sensitive data on laptops and using inappropriate administrative access. Two-thirds of companies have boosted their cloud investments to try and regain control over security.
- "For the majority of the last year, companies were just trying to keep the lights on," said Egon Rinderer, global vice president of technology and federal CTO at Tanium. "But at a certain point in time, the fog lifted and many businesses realized this new era of remote, cloud-based work is here to stay."
The COVID-19 pandemic was a reality check for IT and cybersecurity executives, as 88% of IT managers were confident in their ability to handle remote work before lockdowns began a year ago.
Remote workers are building dangerous habits that are compromising data security to become more productive, including disconnecting from corporate VPN's, according to Rinderer. Workers are also granted too much administrative access in order to reduce pressure on company help desks.
As a result, workers are engaged in risky behavior, including the downloading of unsanctioned apps and failing to update apps or apply security patches.
"This is unsurprising given the shift to remote work, but these behaviors do open up businesses to potential risks, and its imperative that enterprises invest in modern solutions that are not degraded when dealing with remote endpoints in order to mitigate these issues quickly," Rinderer said.
A separate study commissioned by CloudSphere shows another perception gap, as enterprises are increasingly vulnerable to data breaches due to poor enforcement of identity and access management (IAM) policy.
While 78% of respondents claimed they were able to enforce IAM policies, 69% said enforcement issues led to unauthorized access, according to the CloudSphere study of 303 IT professionals worldwide conducted by Dimensional Research.
The study found 32% of enterprises had unauthorized access to cloud resources and 19% had no idea whether unauthorized access took place.
"There is a dramatic mismatch between the perception of cloud access control and the reality of policy enforcement failures," Keith Neilson, technical evangelist for CloudSphere said. "Enterprises think their policies and enforcement strategy are working, when in reality their policy enforcement failures are contributing to unauthorized access."