Enterprises observing uptick in risky behaviors since shift to remote work

Tanium released a report to evaluate the primary IT operations and security challenges organizations have faced amid the large-scale shift to remote work in the COVID-19 era, and how businesses plan to adapt moving forward.

The report was conducted by PSB Insights and surveyed 500 senior-level IT decision-makers (ITDMs) in the U.S. and U.K. across a variety of industries, including financial services, healthcare, manufacturing and retail.

“Our distributed workforce means the end of the network perimeter as we know it and the rise of the endpoint,” said Chris Hodson, Global CISO of Tanium.

“But managing and securing endpoints requires visibility and control. You can’t secure what you can’t see. As the research reveals, it is critical that IT teams continue to invest in solutions that break down data silos and enable automation to ensure manageability, security and insight for their endpoints.”

Enterprises were overly confident in their security posture pre-COVID

Eighty-eight percent of companies reported that before the pandemic they felt some level of confidence in their ability to fully and securely support remote work.

Yet, when forced to go remote, only 39 percent of organizations found it easy to actually shift employees. Despite this, only 33 percent considered “improving cybersecurity” as one of their top three IT initiatives for 2021.

Uptick in risky behaviors since the pandemic started

Since the pandemic, ITDMs have observed risky behavior from employees ranging from storing sensitive data (41 percent) to clicking on phishing emails (38 percent) to inappropriate admin access (37 percent).

It’s not surprising to see risky behaviors around the use of Shadow IT/unsanctioned apps (35 percent), chat or conference apps (31 percent) and third-party file shares (31 percent) as employees try to be productive while working remotely.

Overlooking software updates could present a software supply chain risk

The recent SolarWinds attack illustrates the systemic vulnerabilities in the ever-growing software supply chain. Since the pandemic began, 30 percent of respondents have observed their end users “not updating software.”

It’s imperative that organizations prioritize asset inventory and software updates to protect themselves from critical vulnerabilities and potential attacks.

Cloud investments accelerate

Underlining the criticality of cloud in maintaining business continuity after remote work was introduced, 66 percent of companies accelerated their planned investments in cloud infrastructure.

However, the cloud isn’t being adopted at the same rate in different regions. Forty percent of U.S. IT decision-makers believe their company is well ahead of other companies in adopting new technologies such as cloud services, compared to only 24 percent of U.K. IT decision-makers who feel the same way.

The pandemic shifted investment priorities

After cloud infrastructure, organizations also prioritized investments in data and information security (63 percent), threat detection (60 percent), security/compliance software and services (59 percent), and device management (50 percent). The vast majority of ITDMs cite the pandemic as a key reason for the changes in budgeting priorities.

IT is facing new security and operational challenges with increased complexity

Seventy-three percent of respondents say they face new IT security challenges, and 52 percent noted these challenges have become more complex since the pandemic started.

Operations teams are also under pressure with 69 percent of respondents saying they face new IT operations challenges and 56 percent noting these challenges have become more complex.

Zero trust, authentication and device management rise as the perimeter falls

Compared to their plans before the pandemic, 38 percent of businesses accelerated investments in technology that supports a zero trust architecture.

Additionally, 55 percent accelerated identity and access management investments, and 51 percent accelerated investment in secure adaptive access. This comes at a time when visibility and management across newly distributed workforces is crucial.

Accelerated investments in device management (50 percent), software management (49 percent) and compliance management software/services (48 percent) also reveal a need for a unifying platform to identify, inventory and manage endpoints.