Skip to main content

Employee Lockdown Stress May Spark Cybersecurity Risk



Younger employees and caregivers report more stress than other groups– and more shadow IT usage.

Stressed-out employees in a remote-working world could be a major contributor to poor cybersecurity postures for companies, according to a survey.

Forcepoint polled 2,000 office workers in Germany and the U.K., to better understand cybersecurity practices among remote workers. Among other findings, the survey found that younger employees as well as people caring for children or other family members reported more stress in their lives, as well riskier IT behaviors when compared to other demographics.

For instance, 67 percent of employees under 30 said they use shadow IT (unsanctioned apps, services and equipment) to help them to perform certain tasks more easily, compared to 27 percent of older workers.

Also, 55 percent of the younger group reported making more mistakes when working from home, such as copying in the wrong people into emails – in comparison, only 17 percent of the over-30s reported such mistakes. And, nearly two-thirds of the younger group (63 percent) stated that distractions while working from home negatively impact decision-making, compared to 26 percent of older people.

It’s unclear if the relationship between security behavior and stress is causal, but it’s still a correlation that leaps off the page, according to Forcepoint.

Click to enlarge. Source: Forcepoint.

“Differences in behaviors may in part reflect natural age-related tendencies in risk-taking, but the level of disparity between the two groups is both consistent and extreme,” said Margaret Cunningham, principal research scientist at Forcepoint, in a Thursday posting on the findings. “This could indicate that natural risk-taking tendencies are exacerbated by prolonged periods of stress and a challenging work climate.”

And indeed, the survey also found that more than two thirds (70 percent) of younger employees have trouble focusing because of their stress level, compared to 29 percent of older workers, and 77 percent said they feel the pressure to be available outside of normal working hours, compared to less than half (46 percent) of older workers.

More than three quarters (78 percent) of younger employees also reported that they feel stressed out by competing demands from their personal and professional lives, compared to 40 percent of older employees.

Caregivers meanwhile also over-index on stress-related behavior that negatively impacts IT security practices. For instance, about half (52 percent) said minor mistakes are a normal part of their days; and distractions that impact decision-making also afflict just over half of the group (56 percent). And, about half (48 percent) admit to using shadow IT.

Click to enlarge. Source: Forcepoint.

“We hadn’t expected the study to reveal so clearly a picture of demographic disparities,” Cunningham said. “Lockdown has been a stressful time for everyone…without additional support from employers, young people and caregivers could continue to deviate further from pre-set and learned IT security rules, exposing their companies to further increased security risk.”

She added that companies need to accept the pervasive use of shadow IT, which exposes organizations to increased cybersecurity risk. But, employers should also provide better emotional and personal support.

“Leaders must proactively help employees deal with increased and prolonged levels of stress and anxiety, paired with additional interruptions,” she said. “Burnout is not only a risk for individual employees, but also impacts organizational resilience and personnel resource management needs.”

Original article: https://threatpost.com/employee-lockdown-stress-cybersecurity-risk/165050/

Comments

Popular posts from this blog

Ransomware's Dangerous New Trick Is Double-Encrypting Your Data

  Ransomware groups have always taken a more-is-more approach . If a victim pays a ransom and then goes back to business as usual-hit them again. Or don’t just encrypt a target’s systems; steal their data first, so you can threaten to leak it if they don’t pay up. The latest escalation? Ransomware hackers who encrypt a victim’s data twice at the same time. Double-encryption attacks have happened before, usually stemming from two separate ransomware gangs compromising the same victim at the same time. But antivirus company Emsisoft says it is aware of dozens of incidents in which the same actor or group intentionally layers two types of ransomware on top of each other. “The groups are constantly trying to work out which strategies are best , which net them the most money for the least amount of effort,” says Emsisoft threat analyst Brett Callow. “So in this approach you have a single actor deploying two types of ransomware. The victim decrypts their data and discovers it’s not act...

Babuk ransomware is back, uses new version on corporate networks

  After announcing their exit from the ransomware business in favor of data theft extortion, the Babuk gang appears to have slipped back into their old habit of encrypting corporate networks. The criminals are currently using a new version of their file-encrypting malware and have moved the operation to a new leak site that lists a handful of victims. Gang’s still in the game The Babuk ransomware group became known at the beginning of the year but the gang says that their attacks had started in mid-October 2020, targeting companies across the world and demanding ransoms typically between $60,000 and $85,000 in bitcoin cryptocurrency. In some cases, victims were asked hundreds of thousands for data decryption. One of their most publicized victims is the Washinton DC’s Metropolitan Police Department (MPD). This attack likely pushed the threat actor into announcing its retirement from the ransomware business only to adopt another extortion model that did not include encryption....

Microsoft Teams Phishing Attack Targets Office 365 Users

  Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a “missed chat” from Microsoft Teams. Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams. In reality, the attack aims to steal Office 365 recipients’ login credentials. Teams is Microsoft’s popular collaboration tool, which has particularly risen in popularity among remote workforces during the pandemic  — making it an attractive brand for attackers to impersonate. This particular campaign was sent to between 15,000 to 50,000 Office 365 users, according to researchers with Abnormal Security on Thursday. “Because Microsoft Teams is an instant-messaging service, recipients of this notification might be more apt to click on it so that they can respond quickly to whatever message they think they may have missed based on the notification,” said researchers in a Thursday analysis . The initial phishing email displays the name ...