Juliette Rizkallah, CMO at SailPoint, questions whether pressure to drive productivity could be leaving organisations exposed to cyberattacks
It’s no secret that organisations are under increased pressure to improve efficiency. With close to zero productivity growth in the UK between 2007 and 2017 , the pressure is on. We’re seeing organisations rightfully embrace all manner of new technologies resulting from digital transformation to maximise efficiencies, from cloud-based collaboration platforms to artificially intelligent software bots.
However, SailPoint’s Market Pulse Survey found that these new technologies are also introducing risk to the workplace, as are office workers’ poor cybersecurity habits. As employees prioritise efficiency ahead of cybersecurity – also putting them at odds with IT – it is their organisations that truly suffer as a result of this undue risk.
In their efforts to achieve workplace efficiency, employees are engaging in risky behaviour like deploying software without IT’s approval – a practice commonly known as shadow IT. In fact, our survey found that nearly one in three employees admitted to using shadow IT, which introduces new technologies into the workplace outside of IT’s visibility. This lack of visibility leaves IT teams unable to effectively govern and secure their organisation’s users and their access to sensitive applications and data. After all, how can the IT team secure what they cannot see?
This focus on efficiency over security by the workforce has not only introduced more risk to the workplace but also created a sense of frustration between workers and their IT teams. A full 55 per cent of employees surveyed said that their IT department can be a source of inconvenience – a perception that understandably leads to friction between the two parties. IT teams are also often being left out of cybersecurity conversations until something goes wrong. Our survey shows that 49 per cent of employees admit they would blame IT for a cyberattack if one occurred as a result of an employee being hacked.
It is clear that workers are not taking their role in cybersecurity – or IT’s recommendations – seriously. And with younger generations entering the workforce, the future does not look bright. Despite their technological prowess, the 18-25 age group fall short compared to other employees when it comes to cybersecurity, with 87 per cent reusing passwords across different accounts. Amongst this group, almost half (47 per cent) duplicate passwords across work and personal accounts. Perhaps most alarmingly, 28 per cent of 18 to 25 year olds would even consider selling their workplace passwords to a third party.
As the digital transformation continues to introduce rapid changes in the workplace, the best way to increase efficiency without sacrificing security in the process is to secure an organisation’s users, which are the common link across the IT ecosystem and the new security perimeter. By taking this identity-centric approach to security, organisations will have the much-needed visibility across all of their users, applications and data. A comprehensive identity governance strategy can also alleviate the stress between the IT and business departments by giving employees appropriate access to the applications and data they need to securely do their jobs.
With identity governance, organisations can embrace the new technologies that come with the digital transformation, enabling their workforces while also providing IT the visibility and security they need in their increasingly complex IT environments. Otherwise, organisations risk being exposed by the very technologies that are designed to improve their productivity.