New figures from Armis Research show that UK workers are often putting their businesses at risk by downloading software not allowed or approved by their employers, but it’s not exactly their fault.
Workers in two-thirds (67%) of organizations surveyed were found to be introducing risk by downloading applications or software to their hardware without their IT or security teams knowing.
Armis believes a lack of policy enforcement is to blame, but many businesses also evade blame, with one in three (39%) complaining that the UK’s “increasingly complex regulations and governance requirements” are too confusing or challenging.
Companies need better device management, says report
With two in five (39%) of UK participating organizations suffering a security breach as part of a cyber attack in the past year alone, there is clearly work to be done to minimize risks.
Currently, more than a third (39%) expressed a lack of complete visibility over company-owned assets, which grew to three-quarters (77%) for employee-owned entities.
The survey found gaps in the enforcement of BYOD (bring-your-own-device) policies, with only half (51%) actually enforcing such a policy across all workers. The majority (69%) of survey participants agreed that their organization needs to implement and enforce better, clearer policies and procedures to manage security risks.
Companies with adequate policies are also not in the clear, with one in four (25%) UK cyber security teams saying they are overwhelmed by the information they collect. Armis Research says that only half (51%) of collected threat intelligence is actionable, and 45% to 48% of processes have yet to be automated.
Armis CISO Curtis Simpson said, “Lack of policy enforcement can contribute to gaps that require urgent remediation, while further complicating an organization’s attack surface.”
UKI Regional Director David Critchley added: “Organisations need to prioritize security across the whole organisation, including employee-owned devices, to reduce risk,” highlighting the need for automation to help bridge the global security skills gap.