New figures from Armis Research show that British workers are often putting their companies at risk by downloading software that’s not permitted or authorized by their employers, but it’s not exactly their fault.
Workers in two-thirds (67%) of the organizations studied were found to be introducing risk by downloading applications or software onto their hardware without their IT or security teams being in the know.
Armis reckons a lack of policy enforcement is to blame, but many businesses are evading the blame, too, with one in three (39%) complaining that the UK’s “increasingly complicated regulations and governance requirements” are too confusing or challenging.
Businesses need better device management, says report
With two in five (39%) of the UK’s participating organizations suffering a security breach as part of a cyberattack in the past year alone, clearly some work needs to be done to minimize risks.
Currently, more than one-third (39%) report lacking complete visibility over company-owned assets, a figure that rises to three-quarters (77%) in the case of employee-owned devices.
The study found gaps in the enforcement of bring-your-own-device (BYOD) policies, with only half (51%) actually enforcing such a policy across all workers. The majority (69%) of the study’s participants agreed that their organization needs to introduce and enforce better, clearer policies and procedures in order to tackle security risks.
Companies with adequate policies aren’t in the clear, either, because one in four (25%) UK cybersecurity teams say that they’re overwhelmed by the information they collect. Armis Research says that only half (51%) of the threat intelligence information collected is actionable, and 45% to 48% of processes are yet to be automated.
Armis CISO Curtis Simpson said: “Lack of policy enforcement can contribute to gaps requiring urgent remediation while also further complicating an organisation’s attack surface.”
UKI Regional Director David Critchley added: “Organisations need to prioritise security across the entire organisation, including employee-owned devices, to mitigate risk,” calling out the need for automation to help bridge the global security skills gap.