Dive Brief:
- When companies went remote during the COVID-19 pandemic last year, 49% made changes to usual practices that adversely impacted cybersecurity, according to a study from Verizon released last week.
- According to the report, 76% of respondents say IT security officials were put under pressure to sacrifice mobile device security to meet deadlines and other business goals, according to the study. The report is based on a survey of 856 companies in the U.S., U.K. and Australia.
- About 78% of officials expect remote work to remain above pre-pandemic levels, as companies plan a return to the office and set policies for how they will manage a partially remote, or hybrid work environment.
Dive Insight:
Companies across the globe balanced competing interests to maintain a secure corporate perimeter, while allowing remote workers to remain productive at a time of change in the workplace.
"I think what the report tells you — a year into this pandemic — is, it's time to start addressing the issues, understanding the threats, understanding the vulnerabilities," said Dave Grady, chief security evangelist at Verizon. "So that you can improve your mobile security and in a way that's going to benefit you in the long haul."
The report echoes prior concerns raised by CISO's and other IT security experts regarding the need to balance worker productivity with security concerns. Companies were forced to make immediate decisions in March and April of 2020 about remote work policies, but often sacrificed perimeter security in order to make sure key executives had the flexibility to get work done.
"I think that priorities shifted, and sort of the tactical, short-term stuff, became the priority at the expense of the long-term strategic investment in the security program and the security capabilities," Grady said.
Companies are concerned about workers misusing mobile devices, but don't have enough visibility around what their employees are doing, according to the report.
While 72% of companies were concerned about device misuse, 57% of them had no acceptable use policy in place. The policy governs what applications and other activities can be done on a company's computer network or on company-issued devices.