Complex Made Simple

Purposely or not, many employees and cybersecurity staff are taking IT security lightly

Businesses are waking up to the fact that one of the biggest chinks in their armor against cyberattacks is their own employees.

Hobbies account for 6 hours a week for cybersecurity staff during working hours 52% of employees believe they can get away with riskier behavior The most notable risks remote workers pose to a company’s information security include malicious insiders

Against the backdrop of a complex and growing cyber threat landscape, where 57% of businesses now assume their IT security will become compromised, businesses are also waking up to the fact that one of the biggest chinks in their armor against cyberattacks is their own employees.

In fact, 52% of businesses admit that employees are their biggest weakness in IT security, with their careless actions putting business IT security strategy at risk.

Security staff goofing off

As much as 90% of IT Security staff in META (Middle East, Turkey, Africa) region engage in leisure activities during working hours. 

Typically, these hobbies account for six hours a week, which is an hour more than regular staff across the company overall.  

These are findings extracted from a new Kaspersky report titled ‘Managing your IT security team’.

Cybersecurity can involve routine and repetitive tasks, which affects both productivity and motivation to work. A shift to remote work has further blurred the lines between working and personal time.  

According to the research, among the most common activities IT security staff participated in at work included reading the news (37%), watching videos on YouTube (44%), and watching films or TV series (31%). A third of the respondents managed to do physical exercise (35%) and read professional literature (30%).

Some 48% actually explained their distractions from work were due to a need for a break between tasks, rather than because of boredom or a lack of work. In addition, when working from home, some duties and meetings may now be scheduled outside the standard 9-5 workday.  

Kaspersky experts responsible for IT security and SOC share the following recommendations on how to manage IT security teams:

1-  Optimally hire 1 cybersecurity employee for every 10 IT professionals

2- For round the clock Security operation center (SOC), there should be at least 5 employees responsible for monitoring

3- Outsource typical IT security tasks. It grants in-house employees more time to focus on company-specific requirements and the protection of legacy networks  

The full report and more advice on team management are available via this link.

Read: The outdoors, indoors and security corridors of today’s remote workforce

Read: The future of work: Hustle, serendipity, creativity, security and yes, entrepreneurship

Cutting corners with cybersecurity

Half of the employees are cutting corners with regards to cybersecurity while working from home – and could be putting their organization at risk of cyberattacks or data breaches as a result.

Remote work is often done without the watchful eyes of IT and information security teams, and workers are taking more risks online and with data than they would at the office. 

Analysis by researchers at cybersecurity company Tessian, the State of Data Loss Report, reveals that 52% of employees believe they can get away with riskier behavior. 

In some cases, employees aren’t purposefully ignoring security practices, but distractions while working from home, such as childcare, roommates, and not having a desk setup as they would at the office, are all having an impact on how people operate.

Meanwhile, some employees say they’re being forced to cut security corners because they’re under pressure to get work done quickly.

“People will cut corners on security best practices when working remotely and find workarounds if security policies disrupt their productivity in these new working conditions,” said Tim Salder, CEO of Tessian.

“But, all it takes is one misdirected email, incorrectly stored data file, or weak password, before a business faces a severe data breach that results in the wrath of regulations and financial turmoil.”

Insider Threats

Some of the most notable risks that remote workers pose to a company’s information security include malicious insiders and threats from bad actors within a company.

These are generally harder to detect and prevent in a remote work environment due to the company’s reduced ability to limit access and detect unusual activity. 

Common motivators typically include financial gain, espionage for an outside party, and grudges held by disgruntled employees. Some companies might see increased malicious activity, as employees who are asked to accept reduced hours, lower compensation, or reduced promotion opportunities may become resentful.