As of last accounting, the average cost of a data breach in the U.S. stood at a staggering $4.24 million. With that price tag, most organisations can’t afford to be exposed. But it’s not easy to avoid the risk. IT security teams report coming under increased pressure to compromise information security.
The ticking time bomb: gauging information security challenges
Indeed, survey data shows that over 90 per cent of IT teams feel pressure to compromise information security. Where’s the pressure coming from? Turns out, it’s their own people.
As companies went remote, the primary concern of senior management was preserving the balance sheet. Often lost in the mix was information security. At least that’s what over three quarters of IT decision makers say.
They argue that information security was subordinated to business continuity. What’s more, things still haven’t improved.
Information security challenges coming from younger workers
Now there’s pressure coming from younger cohorts to ease up on security controls to allow for greater convenience. Nearly half of the youngest workers (18 to 24 years old) consider security tools to be a hindrance.
Think that’s bad? Over 30 per cent of young workers admit to bypassing corporate security policies to get their work done.
Among this cohort, there’s a widespread belief that security policies are a time suck. And they’re not alone. Forty-eight per cent of all office workers agree that essential security measures result in time wasted. Among younger workers, that number zooms up to 64 per cent.
In fact, most young workers (54 per cent) are more concerned about meeting deadlines than exposing their company to a data breach.
Often, these workers don’t know that they are breaking rules; they don’t know what the corporate information security policies are in the first place, and that’s when companies have policies.
Defusing the information security ticking time bomb
These numbers suggest data breaches have become a matter of when not if. Faced with lackadaisical or downright hostile workers, scads of IT teams admit remote work has created a ticking time bomb. What can they do avoid a major explosion?
Well, weak security policies, insecure networks, and outdated security systems won’t help the already heightened risk of accidental security breaches.
What will: being prepared to prevent and respond to incidents like tailgating (or piggybacking) and misplaced access credentials, as well as protecting company property like laptops, IT servers, and data sharing devices.
Add to that, internal employees might not be the only relevant parties with a lax view of security controls. Third-party risk from suppliers, vendors, and contractors exists, as well. To mitigate it, third-party providers need to be adhering to the highest standards of information security (the same as yours, ideally) when handling your data and information.
Finally, limited situational awareness of what’s going on in the virtual office blinds IT teams to threats and impairs incident response. Teams have to know what’s happening at the workplace and when it’s happening. Remember, when breaches occur, every second counts.
So, how to boost your information security efforts in this age of remote work? Effective cyber incident management measures can help. To learn more, download our guide to improving cyber incident response and management.