Member Article

Personal Devices are the Biggest Remote IT Threat

Personal device use for remote work poses the biggest security risk to organisations safeguarding their increasingly mobile and cloud-based IT environment, according to a new survey of 100 UK-based senior IT security professionals.

Conducted from March to May on behalf of Duo Security, the survey found 58 percent of respondents believe that network access from non-corporate and personally-owned devices such as laptops, desktops or mobile phones is the highest risk in managing remote users, among other findings.

Duo’s survey found 75 percent of respondents reported that their users now connect remotely to work applications at least 25 percent of the time. While this remote work trend has created unmatched flexibility and has helped organizations attract top talent globally, it has introduced a major predicament for IT and security teams.

“Enterprise mobility is one of the biggest IT security challenges and personal devices are a massive blind spot,” said Richard Archdeacon, Duo Advisory CISO. “If you don’t know what’s connecting to the network, how can you protect data from being compromised? What’s clear from this survey is that decision makers still don’t feel comfortable with the sea of devices entering the workplace.”

When it comes to different groups of remote workers, nearly half of all security professionals (48 percent) ranked external suppliers and service providers as the most risky, compared to internal employees such as the C-suite, sales and field support workers.

This data is underlined by several recent high profile security breaches that originated from third-party suppliers. According to Forrester’s 2017 Global Business Technographics Security Survey, 41 percent of breaches in the past 12 months were incidents within the organization or involved business partners/third-party suppliers.

“Outdated devices are particularly vulnerable to being compromised, which can easily spiral into a full-blown, major breach,” Archdeacon added. “Organisations don’t necessarily need to block individuals from using their personal devices, but they do need to re-shape their security models to fit these evolving working practices.”

This was posted in Bdaily's Members' News section by TH .