sb-as logo
Story image

40% of businesses sacked staff due to breach of security during COVID

Almost 40% of business decision makers have laid off their staff members due to a breach of company cyber security policy since the start of the Covid-19 outbreak, according to new research from Centrify,

The research, which involved a survey of 200 UK business decision makers, found 39% of respondents admitted to dismissing employees due a breach.

It also revealed that almost two-thirds (65%) of companies have made substantial changes to their cyber security policy in response to Covid-19 and 100% remote working. Despite this, 58% agreed that employees are more likely to try and circumvent company security practices when working from home – indicating a fundamental flaw in the execution of security measures in a remote-working model.

In an effort to combat poor security practice from employees, 57% of business decision makers revealed that they are currently implementing more measures to securely authenticate employees. Such measures include biometric data checks, such as fingerprint and facial recognition technology, and other multi-factor authentication steps when gaining access to certain applications, files and accounts.

Also, more than half (55%) of businesses already have, or plan to formally ban staff from using personal devices to work from home.

“With more people than ever working from home and left to their own devices, it’s inevitable that some will find security work arounds, such as using personal laptops and not changing passwords, in order to maximise productivity," says Andy Heather, VP, Centrify.

"It’s also possible that the changes in security procedures are not being communicated well to employees, and many are practising unsafe internet usage without even realising," he says.
 
"The reality is the weakest link in any organisation continues to be the human element," says Heather.

"Combatting this issue starts from the top. CIOs and business decision makers must implement strict and transparent, cloud enabled and identity-centric security solutions. 

"This will allow companies to quickly and safely deploy scalable security privileged access management measures, which make it impossible for an employee to access company networks, applications and data, unless they are following correct procedures," he explains.

"Centrify Identity-Centric PAM is designed to handle requesters that are not only human but also machines, services, and APIs. For increased assurance, best practices now recommend strongly authenticated individual identities – not shared accounts – where least privilege can be applied," adds Heather. 

"All controls must be dynamic and risk-aware, which requires modern machine learning and user behaviour analytics. PAM must integrate and interoperate with a much broader ecosystem including the cloud providers, DevSecOps tools, containers, microservices, and more."

 

Story image
Remote staff overestimating knowledge of cybersecurity basics
‘Unconscious incompetence’ is one of the most difficult issues to identify and solve with security awareness training.More
Story image
McAfee finds vulnerabilities in 'temi' the videoconferencing robot
Temi is commonly used in environments including businesses, healthcare, retail, hospitality, and other environments including the home.More
Story image
Global attack volume down, but fraud and cyber threats still going strong
“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry."More
Story image
Video: 10 Minute IT Jams - Who is CrowdStrike?
Today, Techday speaks to CrowdStrike ANZ channel director Luke Francis about the company's key products and offerings, its upcoming annual security conference, and the infrastructure it leverages in the A/NZ region.More
Story image
Gartner: By 2023, 65% of the world will have personal data covered under modern privacy regulations
“Security and risk management (SRM) leaders need to help their organisation adapt their personal data handling practices without exposing the business to loss."More
Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More