Shadow IT Alert As Half of Home Workers Buy Potentially Insecure Kit
Shadow IT incidents snowballed during the pandemic as remote workers purchased devices without IT verification, a new report from HP has warned.
The tech giant Out of sight and out of mind The report is based on a global survey of 1,100 IT decision makers and a separate survey of more than 8,400 homeworkers in the US, UK, Mexico, Germany, Australia, Canada and Japan.
Almost half (45%) said they had purchased computer equipment such as printers or computers to make working from home easier in the past year.
However, 68% said safety was not as important a consideration as other factors such as price or functionality when buying. Worse, 43% didn’t have their new laptop or PC checked or installed by IT, and 50% said the same about their new printer.
IT is also bypassed when it comes to reporting incidents, according to the study. Although three-quarters (74%) of IT teams said they have seen an increase in the number of employees opening malicious phishing links or attachments in the past year, most (70%) of workers at homes that clicked said they did not report it. .
This will hurt IT’s attempts to understand the level of risk the business faces and where it needs to change policies or direct security resources.
The combined impact of these parallel IT challenges is already pronounced: 79% of IT managers said machine rebuild rates increased during the pandemic. This indicates that PCs and laptops have been compromised by malware.
It also has an impact on the IT teams themselves. Two-thirds of IT officials said patching endpoints is taking longer and more difficult than before the pandemic. As a result, they estimated that the cost of IT support regarding security has increased by 52% over the past 12 months.
Some 83% said homeworker security concerns had put more strain on the IT team, and more than three-quarters (77%) feared staff would run out as a result.
“As IT continues to grow in complexity, security support becomes unmanageable. For hybrid work to be successful, IT security teams must be freed from the hours spent provisioning and managing user access requests so they can focus on the tasks that add value, ”a said Ian Pratt, global head of personal systems security at HP.
“We need a new security architecture that not only protects against known and unknown threats, but helps reduce the burden of freeing cybersecurity teams and users. By applying the principles of zero trust, organizations can design resilient defenses to keep the business secure and recover quickly from compromise.