New research finds 91% of IT teams feel pressure to compromise cybersecurity for WFH business continuity. HP CISO Joanna Burkey urges security leaders to tackle workforce IT conflicts to secure the remote and hybrid workplace.

Tensions between IT teams and employees working from home threaten the security of organizations, with attempts to increase or update security for remote working regularly rebuffed in the name of business continuity. HP Inc. CISO Joanna Burkey believes security leaders must address these frictions to secure the future of the hybrid workplace. Speaking to CSO, she reflects on her experience with such issues and offers best practices for dealing with them.

IT conflicts create remote working cybersecurity risks

A new HP report, Rebellions & Rejections, combines data from a global YouGov online survey of 8,443 office workers who shifted to working from home due to the COVID-19 pandemic, and a global survey of 1,100 IT decision makers. It revealed that almost all (91%) IT teams have felt pressure to compromise security for business continuity as remote and hybrid working has taken hold, while 76% believe security has taken a back seat during the pandemic. As a result, 83% of IT teams say the increase in home workers has created a “ticking time bomb” for a corporate network breach. “This new report shows that while cyberattacks have become more sophisticated, the workforce has become less compliant, thus making it harder to defend the business,” Burkey says.

Other findings from the report further bear this out, particularly among younger workers. More than half of remote working 18- to 24-year-olds are more concerned with meeting deadlines than exposing the business to a data breach, with almost a third admitting to trying to bypass corporate security policies to get their work done.

Exacerbating matters are frictions between IT teams and the wider workforce regarding efforts to improve the security of remote working.
As many as 80% of IT teams admitted to experiencing pushback from users who do not like controls being put on them at home, with 67% facing weekly complaints about this issue. Setting and enforcing corporate policies around cybersecurity is now impossible as the lines between personal and professional lives are so blurred, say 83% of IT teams. Perhaps most damningly, 80% of IT teams consider ensuring security a thankless task, with 69% burdened with feeling like the “bad guys” for trying to impose restrictions.

CISOs must address IT tensions to secure remote working

Burkey says it falls to security leaders to address the tensions between IT teams and remote workers to secure the future of remote and hybrid working. “It’s vital that any tension is addressed as otherwise it’s another chink in the armor, making you more vulnerable to attack. Security leaders play a key role in addressing tensions and making security something everyone can buy into, not just something they are told to do.”

She admits that, given the difficulty and uncertainty when working alone from home, it’s understandable that security can feel frustrating for users and that IT teams can seem like the bad guys, or that compromises must be made. However, CISOs must reassess security approaches, providing teams and employees with the best security and support for the hybrid workplace. “That means that what worked before might no longer,” Burkey says.

“I believe that the organizations that best adapt to change instead of fighting the inevitable will come out on top, but this process isn’t painless, and will need strong leadership and communication to succeed. Driving change to address tensions requires a more collaborative approach to security culture, one that sees security teams listening more to end users and understanding how policies and security technologies can impact workflows and productivity.

“Building these bridges will help spread the burden of security, with end-users taking on more accountability,” says Burkey. To build those bridges, she suggests:

- Open lines of communication with end users to help inform policy decisions.
- Make adjustments such as providing the rationale behind a security decision or seeking user input before deploying new policies. “[This] can change hearts and minds.”
- Seek out new levels of endpoint protection that offer advanced remote management while being as unobtrusive as possible to avoid end-users trying to circumvent it.

“By building collaborative security partnerships across the workforce, cybersecurity will start to become a cultural cornerstone,” says Burkey.

If CISOs fail to turn such strained relationships between security teams and employees into partnerships that drive success, then friction and risk will only escalate, she says. “IT teams are facing an increasing level of threat from ransomware, firmware attacks against PCs and printers, and exploited vulnerabilities now people are working from home, so it’s no wonder 83% [of IT teams] believe this has created a ticking time bomb for a breach.”