Cybersecurity experts 'under-equipped' to tackle Covid-19 remote working demands

News by Andrew McCorkell

IT professionals are struggling to keep pace with the increased demands brought on by a massive increase in remote working, according to research from ManageEngine.

More than half (59 per cent) of IT teams believe they are either “under-equipped or still have some way to go” to tackle the security and privacy demands of remote working, new research from ManageEngine has found.

It comes despite 72 per cent of IT teams stating that the IT Service Management in their organisation continues to be effective despite remote working conditions.

The research from the enterprise IT management provider focused on the impact of remote working and Covid-19 on IT service management (ITSM).

Kumaravel Ramakrishnan, product manager at ManageEngine, said: "The fact that only 40 per cent of organisations feel that they are properly equipped to tackle the increasing security and privacy concerns arising due to remote work is disturbing.
"Organisations should take a two pronged approach to mitigate security and privacy threats by applying the right tools and processes and more importantly, by educating employees on threats like social engineering, ransomware, phishing and building a culture of privacy."  

The research found that:

  • 38 per cent cite user training and knowledge sharing being the greatest challenge of remote ITSM, closely followed by managing IT assets (36 per cent)
  • 16 per cent believe they are still under-equipped to cope with remote working, over three months into global lockdowns
  • Nearly one-third (29 per cent) of the organisations feel they did not do enough prior testing of their business continuity action plan, with the other major areas of improvement being better knowledge management (42 per cent) and IT asset and BYOD policies (32 per cent)

ManageEngine surveyed 519 IT professionals across a range of topics.

The survey asked 15 questions across five areas asking about the impact of employee remote working; financial and asset management implications; security and governance issues; third-party services and technology assistance and business continuity success levels.

Jamie Akhtar, CEO and co-founder of CyberSmart said businesses are in a difficult position right now and with many employees using their own devices or just working from home, IT security measures are both more important than ever and more difficult to enforce.

Akhtar said: “42 per cent of staff state that their company’s security policies (like needing to have an IT admin install new software) make it more difficult to do their job. This is why education is so important.

“IT teams need to both develop clear security strategies for remote working and explain to staff what is at risk if they do not follow them. These plans should require the fundamentals of cyber hygiene even for employee personal devices.

"These include strong password protection, up-to-date software and firewalls, and secured home networks."

Javvad Malik, Security Awareness Advocate at KnowBe4 said that knowledge sharing and being able to effectively train employees has become quite the challenge.

Malik added: “While there are undoubtedly many technical challenges to having the workforce working remotely, procedures and knowledge sharing are perhaps the most important, yet, often overlooked aspects. 

“In the office environment, many issues can be quickly resolved with a tap on the shoulder, this is removed when working from home, and when faced with a multitude of communication channels such as email, instant messaging, video calls, phone calls, text messages etc, it can be easy to become overwhelmed.

"At the same time, criminals are actively trying to take advantage of these by phishing users by masquerading as the IT team, colleagues, or execs. 

“It's therefore important that organisations set clear guidelines out for communication, both in terms of how employees should reach out for assistance, and how to expect inbound communication."

Niamh Muldoon, senior director of trust and security at OneLogin: said: “The key thing to understand if businesses are to move forward in the hybrid working model is that traditional security approaches are no longer enough. End-users no longer have the security controls afforded to them when they were based in their offices full-time - these controls are no longer present in this hybrid model. Organisations need to understand this and review the existing model, applying a new security model and program to their hybrid operating environment.
"Identity is the most important aspect to this new hybrid operating model - understanding who and what device is trying to log into their business environment systems and associated applications. Streamlining identity with IDAAS technology solutions will support organisations in continuing to deliver quality IT services while balancing cost and risk for the organisation."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews