Employees putting businesses at risk downloading apps and software without consent

New research, the asset intelligence cybersecurity company, found that cybersecurity teams in the United Kingdom are struggling to manage cyber threat information and navigate complex government regulation, while a lack of policy enforcement is allowing employee behaviour to leave businesses exposed. 

Two-thirds of UK employees are putting their businesses at risk by downloading apps and software without the knowledge of IT or security teams. New research* the asset intelligence cybersecurity company, found that cybersecurity teams in the United Kingdom are struggling to manage cyber threat information and navigate complex government regulation, while a lack of policy enforcement is allowing employee behaviour to leave businesses exposed.

The research, surveying security and IT decision-makers, found that the employees of more than two in three (67%) organisations are introducing risk to the business by downloading applications and software onto assets without the knowledge or management of IT or security teams.

Furthermore, many organisations (39%) admit to feeling challenged by the UK’s increasingly complicated regulations and governance requirements.

“Companies need to rapidly adapt to new stringent regulations that are moving away from traditional check-the-box obligations. This requires teams to quickly understand their organisation’s corresponding capability gaps, the path to compliance, and to convince other teams required to achieve compliance to prioritise such efforts. This is by no means easy” said Curtis Simpson, CISO, Armis. “ Lack of policy enforcement can contribute to gaps requiring urgent remediation while also further complicating an organisation’s attack surface. Preventing material compliance and security breaches requires a focus on the foundational, with the business in mind: policy adoption and enforcement, contextual asset visibility and monitoring, exposure and vulnerability prioritisation and remediation.”

Key findings from Armis research, commissioned with Vanson Bourne, include:

A high number of assets in the company environment remain unseen, unmanaged and lack appropriate security measures. Without the correct asset context and policy enforcement, only a partial view of the attack surface is achieved.

  • Around 45,000 assets are connected to UK organisations’ networks on average on a given business day.
  • Over a third (39%) of respondents indicated a lack of complete visibility over company owned assets connected to the business environment, and 42% reported a lack of control and management over these assets.
  • Over three quarters (77%) of respondents indicated a lack of visibility over employee owned assets connected to the business environment, and 78% reported a lack of control and management over these assets.
  • There are gaps in the enforcement of BYOD policies, with only one in two (51%) of organisations having a BYOD policy that is enforced across all employees.
  • 69% of respondents acknowledge their organisation needs better policies and procedures in order to deal with security vulnerabilities.

Prioritising remediation of vulnerabilities is jeopardised by an absence of automation for threat intelligence, leaving an open door for malicious actors.

  • UK respondents report using eight different sources to collect data relating to threat intelligence.
  • Just 52% to 55% of processes related to threat intelligence are automated, which means that a lot of the work needed to make use of the intelligence sources is a manual effort.
  • What’s more, just over half (51%) of the threat intelligence information gathered is actionable.
  • This is leading to one in four (25%) UK cybersecurity teams feeling overwhelmed by the cyber threat information they receive.
  • 39% of UK organisations suffered a security breach as part of a cyberattack in the past 12 months.

“Organisations need to prioritise security across the entire organisation, including employee-owned devices, to mitigate risk,” said David Critchley, Regional Director UKI, Armis. “This can’t be done manually, there are just too many assets with potentially unknown vulnerabilities. That’s why automation is absolutely key to help bridge the security skills gap, manage the security posture at scale and see, protect and manage the entire attack surface.”

Research from Armis,

www.armis.com/attack-surface-management

    Read more

    Latest News

    Read More

    How HR can fix the credibility deficit

    22 November 2024

    Newsletter

    Receive the latest HR news and strategic content

    Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here

    Latest HR Jobs

    The University of Edinburgh – Information Services Group – People & Money ServiceSalary: £40,247 to £47,874 per annum (Grade 7)

    Imperial College London – President’s TeamSalary: £68,005 to £77,703 per annum

    As HR Director, you will be responsible for leading our People team and ensuring that we attract, engage, develop and retain a motivated team of

    We are seeking a dynamic and driven Human Resources Manager to become a key player in The Westminster Team In this exciting role, you’ll invent

    Read the latest digital issue of theHRDIRECTOR for FREE

    Read the latest digital issue of theHRDIRECTOR for FREE