New report is out that sheds some light on the state of cybersecurity.
According to the HP report, 76% of respondent IT teams said “security took a back seat to continuity during the pandemic,” 91% felt “pressure to compromise security for business continuity” and 83% believe remote work has “become a ‘ticking time bomb’ for a network breach.”
According to the HP report, virtually all respondent IT teams (91%) said they “updated security policies to account for WFH” and 78% “restricted access to websites and applications.”
The findings also identify “frustration” among office workers who feel these IT security restrictions impede their day-to-day workflows. For example, about half of respondent office workers said “security measures result in a lot of wasted time,” 37% thought “security policies and technologies are too restrictive,” according to the report.
Interestingly, the age of remote workers may impact their sentiments regarding company security policies. According to the report, 48% of workers between the ages of 18 and 24 believe “security policies are a hindrance” and 54% were “more worried about deadlines than exposing the business to a data breach” and 39% were unsure of their company’s data cybersecurity policy.
Seems like leadership is leaving cyber professionals on an island. More support may be needed.
Today in health, it work from home is a cyber security ticking time bomb. According to a new report from HP. And it's on tech Republic. My name is bill Russell. I'm a former CIO for a 16 hospital system and creator of this week and health it a channel dedicated to keeping health it staff current and engaged. Have you signed up for cliff notes yet? We designed it for you. We know that you don't have a ton of time so we created a really easy way to get updated on what's going on on the show. You go to this week, health.com. Slash subscribe, or just go to this week, health.com click on the subscribe button at the top right-hand corner, subscribed to clip notes. You'll get an email 24 hours after each episode airs. And you'll get a summary bullet points and one to four short video clips. We value your time. We know you're busy, but we also want to do our part to keep you updated on what's going on in the industry. And so that is why we created it. Hopefully you'll take advantage of it. All right. Today's story. And I covered this on Monday with director Ford. Cause we just finished recording the show. But it's an article from tech Republic or from home is a cybersecurity ticking time bomb, according to a new report. I'm just going to read you some of the things from the findings and we'll focus in on those. So according to the HP report, 76% of respondent, it team said security took a back seat. To continuity during the pandemic, 91% felt pressure to compromise security. For business continuity and 83% believed remote work has become a ticking time bomb for a network breach. And it's interesting because in talking with this with Drex, one of the things we agreed on is that absolutely happened. We were moving very fast, faster than we ever have before. So there was a lot of, uh, let's say an. Thanks uncertainty. Uh, fear that we were moving too fast and missing things. What are the things that directs said is it's important to just keep track of the things. That you want to get back to when you do have time. The things that you may have taken shortcuts or policies, you may have changed that you're thinking, ah, we need to go back and look at that policy, or we need to go back and tighten up that security control and do that later. So that's one of the things that said here. it goes on according to the HP report, virtually all responded, it teams 91% said they updated security policies to account for work from home. And 78% restricted access to websites and applications. And you know where this is going, right? So that's what the it teams did. 91% updated the policy, 78% restricted access. Now we go down to employee burnout, it teams feeling dejected, the start with the employee. Burnout. The findings also identified frustration among office workers who feel these it security restrictions impede their day-to-day workflows. For example, about half of the respondents office workers said. Security measures result in a lot of wasted time. 37% thoughts, security policies. And technologies are too restrictive, according to the report. Interestingly. The age of the remote workers may impact the sentiments regarding company's security policies. According to the report, 48% of the workers between the age of 18 and 24 belief security policies are a hindrance and 54% or more worried. About deadlines then exposing the business. To a data breach and 39% were unsure of their companies. Data cybersecurity policy. It's important to note at this point that this isn't just a healthcare specific report. This is across all industries. And I would say that those statements represent a lack of training and understanding. Of what everyone's role is with regard to security within the organization. There's a leadership. And an onboarding process. There's an HR partnership here that has to happen when 18 to 24 year olds come on, staff. They need to understand that the security policies, aren't a hindrance. They are a precaution against mistakes that we make make. And I understand you being worried about getting your job done, but if you get your job done and expose the business data to a breach that has far more significant ramifications than you not getting your project done. On time. So there's a, there's an education aspect of this that needs to be led. Top-down H R I T partnership. CISSO CIO. chief human resources officer also, obviously with executive sponsorship. As with all projects, one of the things this leads to is, is pretty interesting. So according to the report, 80% of the respondent, It teams said they experienced pushback from workers who do not like the controls being put on them at home with surprising frequency and 69% said they're made to feel like bad guys for imposing restrictions on employees. And 80% felt IC cybersecurity has become a thankless task. And the reality is if leadership isn't going to support you, if you're put out there to be the lone Wolf, that's imposing these things as sort of the sheriff of Nottingham kind of approach. You're just going to get pummeled. This is a CIO CEO, COO. It's all the executives. If, if they are at the big table making the big decisions this is part of what they have to do. They have to support. Does this organization care about cybersecurity? Do we care about privacy? And if we do care about privacy it's joint statements, it's reinforcing the training. It's reinforcing. The authority and the position of the cybersecurity professionals. It's elevating them within the organization to say, these people are here to protect us. So there's a leadership challenge and it's really sad that that's happening. To be honest with you, cybersecurity professionals are probably working as hard, if not harder than. anyone in most industries right now. with the number of things and, and it closes with this, which gives you an idea. I have just some of the things that cybersecurity professionals are dealing with a portion of the report highlights it perception regarding the threat level on various cyber attacks. Methods as employees increasingly telecommute on networks with potential security issues. Ransomware top the list, as you would imagine, 84% followed by laptop and PC focused firmware attacks, unpatched devices. And exploited vulnerabilities and data leakage. In that order, man, in the middle attacks and account devices take over 81%. IOT threats, 79% targeted attack, 77% and printer focused firmware attack. 76%. Round out the top eight perceived threats. And that's not even a complete list, to be honest with you. So our cybersecurity professionals are dealing with an awful lot. They are incredibly important to everything that we were doing, keeping things running on a daily basis, and anyone who's experienced a ransomware attack knows. it just takes that one mistake and the entire system is down four 30. 40 days with a potential data loss. And significant reputational risk and financial risk as well. That's all for today. If you know, someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week. health.com. Or wherever you listen to podcasts, apple, Google, overcast, Spotify, Stitcher. You get the picture. We are everywhere. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders. VM-ware Hill-Rom starboard advisers, McAfee and Aruba networks. Thanks for listening. That's all for now.