A new report from HP Wolf Security finds that shadow IT is increasing and security incidents are rising as remote and hybrid workers get more comfortable settling into their home offices while commuting to the office a few days week.
According to the report, HP Wolf Security report: Out of Sight & Out of Mind, a growing number of end users are buying and connecting unsanctioned devices outside of IT’s purview, which is making phishing attacks and other social engineering tricks more successful.
That is making IT support more complex, time-consuming and expensive, the report suggests.
The report, a combination of a survey of more than 8,400 office workers who shifted to remote work and a global survey of 1,100 IT decision makers, finds that 45% of office workers purchased IT equipment to support remote working, but 68% said security didn’t play a major role in their purchasing decisions. Another 43% didn’t have their laptop or PC checked or installed by IT, and 50% said the same for a new printer.
This is leading to more successful phishing attacks, as 74% of IT teams say they have seen a rise in the number of employees opening malicious links or email attachments in the last 12 months. Forty percent of users between ages 18 and 24 say they have clicked on a malicious email, and nearly half said they have done so more often since working from home.
Of office workers that reported clicking on a link, 70% didn’t report it to IT, with 24% saying it wasn’t important, 20% citing the “hassle factor” and 12% fearing being punished.
That increase in compromise is, of course, leading to IT having to rebuild machines, as 79% of IT teams report an increase in rebuild rates during the pandemic. However, the report suggests the rate could be higher, as 80% of IT teams worry that devices might be compromised, but they just don’t know about it yet.
Now, IT is having one hell of a time responding to security incidents and patching, with 77% of IT teams saying the time it takes to respond to a threat has increased.
Sixty-five percent of IT teams say patching endpoint devices is now more time consuming and difficult due to remote work, and 64% said the same about onboarding new employees with secure devices.
All of these factors are leading to even more pressure on IT, with 83% of already strained IT Teams saying so, and 77% pointing to remote work as the reason they fear burning out.
Ian Pratt, global head of security for personal systems at HP, said in a statement that cybercriminals are especially adept at playing the “long game” – establishing a persistent presence in an organization’s IT environment and moving laterally to infiltrate high-value systems. With basic cybersecurity best practices falling by the wayside because of remote work, hackers are having more success.
Combined with the growing difficulty of managing IT for a distributed workforce, security support is becoming unmanageable, according to Pratt.
“For hybrid working to be a success, IT security teams need to be freed from spending hours provisioning and fielding user access requests so they can focus on tasks that add value,” Pratt said. “We need a new security architecture that not only protects against known and unknown threats, but that helps to reduce the burden to liberate cybersecurity teams and users alike. By applying the principles of Zero Trust, organizations can design resilient defenses to keep the business safe and recover quickly in the event of a compromise.”