Workers are putting their companies at risk by downloading software without permission

logic of work
(Image credit: Logitech)

New figures from Armis Research show that British workers are often putting their companies at risk by downloading software that’s not permitted or authorized by their employers, but it’s not exactly their fault.

Workers in two-thirds (67%) of the organizations studied were found to be introducing risk by downloading applications or software onto their hardware without their IT or security teams being in the know.

Armis reckons a lack of policy enforcement is to blame, but many businesses are evading the blame, too, with one in three (39%) complaining that the UK’s “increasingly complicated regulations and governance requirements” are too confusing or challenging.

Businesses need better device management, says report

With two in five (39%) of the UK’s participating organizations suffering from a security breach as part of a cyberattack in the past one year alone, clearly some work needs to be done to minimize risks.

Currently, more than one-third (39%) expressed a lack of complete visibility over company-owned assets, which grew to three-quarters (77%) in the case of employee-owned devices.

The study found gaps in the enforcement of bring-your-own-device (BYOD) policies, with only half (51%) actually enforcing such a policy across all workers. The majority (69%) of the study’s participants agreed that their organization needs to introduce and enforce better, clearer policies and procedures in order to tackle security risks.

Companies with adequate policies aren’t in the clear, either, because one in four (25%) UK cybersecurity teams say that they’re overwhelmed by the information they collect. Armis Research says that only half (51%) of the threat intelligence information collected is actionable, and 45% to 48% of processes are yet to be automated.

Armis CISO Curtis Simpson said: “Lack of policy enforcement can contribute to gaps requiring urgent remediation while also further complicating an organisation's attack surface.”

UKI Regional Director David Critchley added: “Organisations need to prioritise security across the entire organisation, including employee-owned devices, to mitigate risk,” calling out the need for automation to help bridge the global security skills gap.

More from TechRadar Pro

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!