The large-scale shift to remote working as a result of Covid-19 has exposed critical gaps in the security of many organisations. In the rush to maintain workflows, cyber security in the home became an afterthought, with more relaxed attitudes and weaker network security exposing many workers to increased risk.
While security breaches and malware attacks dominate news headlines, IT leaders are more concerned about the threats from within - especially in the new normal. A survey by Computing shows CIOs see employee behaviour as the single biggest cybersecurity risk in this new culture of mass home working, with poorly protected home networks as the number two threat.
That's bad news in the current climate, where almost half (47 per cent) of IT leaders say that security alerts have increased, either greatly or somewhat, during the pandemic; and while 45 per cent say that alerts have stayed the same - and five per cent that they have fallen - dealing with those threats has become more difficult.
This is because of the lack of insight into the dispersed IT estate, the new reliance on employee common sense and home security, and the fact that mass home working was forced on many organisations by circumstance, perhaps without the right controls in place.
With users agreed to be the weakest link in the security chain, educating them about protection is surely the right attitude. However, only just over half (59 per cent) of respondents said they were currently using employee cyber risk training, with another 24 per cent set to adopt within the next 12 months.
This reveals the critical importance of human beings in the digital landscape. Seeing security solely as a technology problem demanding a technology solution is the wrong approach.
Employees - and their managers - need to understand the risks and the organisation's policies and procedures for mitigating them.
President Joe Biden is among Peloton's famous users
The new coalition aims for a unified, comprehensive, public-private campaign against ransomware groups
Cybersecurity suffers from a PR issue, and the government's attempts to raise its profile reveals only the startling lack of diversity in the industry
The Spark #1 - 'If you're not obsessed with this being a success, you shouldn't do it because it'll be a nightmare most of the time'
Stuart Sumner speaks to Tony Pepper, co-founder and CEO of human layer security firms Egress, discussing his organisation's journey, and what he wishes he'd done differently
Google's Project Zero will not share technical details of the bug for 30 days if a vendor fixes the vulnerability within a 90-day deadline