New research finds 91% of IT teams feel pressure to compromise cybersecurity for WFH business continuity. HP CISO Joanna Burkey urges security leaders to tackle workforce IT conflicts to secure the remote and hybrid workplace. Credit: HP Tensions between IT teams and employees working from home threaten the security of organizations, with attempts to increase or update security for remote working regularly rebuffed in the name of business continuity. HP Inc. CISO Joanna Burkey believes security leaders must address these frictions to secure the future of the hybrid workplace. Speaking to CSO, she reflects on her experience with such issues and offers best practices for dealing with them.IT conflicts create remote working cybersecurity risksA new HP report, Rebellions & Rejections, combines data from a global YouGov online survey of 8,443 office workers who shifted to working from home due to the COVID-19 pandemic, and a global survey of 1,100 IT decision makers. It revealed that almost all (91%) IT teams have felt pressure to compromise security for business continuity as remote and hybrid working has taken hold, while 76% believe security has taken a back seat during the pandemic. As a result, 83% of IT teams say the increase in home workers has created a “ticking time bomb” for a corporate network breach. “This new report shows that while cyberattacks have become more sophisticated, the workforce has become less compliant, thus making it harder to defend the business,” Burkey says.Other findings from the report further bear this out, particularly among younger workers. More than half of remote working 18- to 24-year-olds are more concerned with meeting deadlines than exposing the business to a data breach, with almost a third admitted to trying to bypass corporate security policies to get their work done. Exacerbating matters are frictions between IT teams and the wider workforce regarding efforts to improve the security of remote working. As many as 80% of IT teams admitted to experiencing pushback from users who do not like controls being put on them at home, with 67% facing weekly complaints about this issue. Setting and enforcing corporate policies around cybersecurity is now impossible as the lines between personal and professional lives are so blurred, say 83% of IT teams. Perhaps most damningly, 80% of IT teams consider ensuring security a thankless task, with 69% burdened with feeling like the “bad guys” for trying to impose restrictions. CISOs must address IT tensions to secure remote workingBurkey says it falls to security leaders to address the tensions between IT teams and remote workers to secure the future of remote and hybrid working. “It’s vital that any tension is addressed as otherwise it’s another chink in the armor, making you more vulnerable to attack. Security leaders play a key role in addressing tensions and making security something everyone can buy into, not just something they are told to do.”She admits that, given the difficulty and uncertainty when working alone from home, it’s understandable that security can feel frustrating for users and that IT teams can seem like the bad guys, or that compromises must be made. However, CISOs must reassess security approaches, providing teams and employees with the best security and support for the hybrid workplace. “That means that what worked before might no longer,” Burkey says. “I believe that the organizations that best adapt to change instead of fighting the inevitable will come out on top, but this process isn’t painless, and will need strong leadership and communication to succeed. Driving change to address tensions requires a more collaborative approach to security culture, one that sees security teams listening more to end users and understanding how policies and security technologies can impact workflows and productivity. “Building these bridges will help spread the burden of security, with end-users taking on more accountability,” says Burkey. To build those bridges, she suggests:Open lines of communications with end users to help inform policy decisions.Make adjustments such as providing the rationale behind a security decision or seeking user input before deploying new policies. “[This] can change hearts and minds.”Seek out new levels of endpoint protection that offer advanced remote management while being as unobtrusive as possible to avoid end-users trying to circumvent it.“By building collaborative security partnerships across the workforce, cybersecurity will start to become a cultural cornerstone,” says Burkey. If CISOs fail to turn such strained relationships between security teams and employees into partnerships that drive success, then friction and risk will only escalate, she says. “IT teams are facing an increasing level of threat from ransomware, firmware attacks against PCs and printers, and exploited vulnerabilities now people are working from home, so it’s no wonder 83% [of IT teams] believe this has created a ticking time bomb for a breach.” Related content feature The biggest data breach fines, penalties, and settlements so far Hacks and data thefts, enabled by weak security, cover-ups or avoidable mistakes have cost these companies a total of nearly $4.4 billion and counting. By Shweta Sharma and Michael Hill Apr 26, 2024 16 mins Data Breach Security news New CISO appointments 2024 Keep up with news of CSO, CISO, and other senior security executive appointments. By CSO Staff Apr 26, 2024 14 mins CSO and CISO IT Jobs IT Governance news Top cybersecurity product news of the week New product and service announcements from Forcepoint, Ionix, Amplifier Secutiry and Torq. By CSO staff Apr 26, 2024 81 mins Generative AI Security feature Looking outside: How to protect against non-Windows network vulnerabilities Security administrators who work in Windows-based environments should heed the lessons inherent in recent vulnerability reports. By Susan Bradley Apr 25, 2024 7 mins Windows Security Network Security Security Practices PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe