U.S. companies excel at limiting shadow IT, according to a new report

Many respondents are planning to continue remote operations for the next couple of years, but what strategies are they implementing to protect themselves in the age of remote work at scale?

nd3000.jpg

Image: iStock/nd3000

Due to the coronavirus pandemic, companies around the globe quickly transitioned to remote work to mitigate the spread of COVID-19 in-house. As a result, remote workers are logging on for the virtual workday on their home networks and at times even via their personal devices, leading to new security risks. On Tuesday, ManageEngine published the results of its 2021 Digital Readiness survey highlighting remote work network risks, cybersecurity planning, limiting shadow IT and more.

"These findings indicate that the mass shift to a distributed workforce has forced IT to fundamentally reevaluate their security practices," said Ajay Kumar, chief evangelist at ManageEngine, in a press release.

Remote work and cybersecurity risks

Overall, the vast majority of U.S. IT pros (81%) "believe that having remote workers has increased their enterprise's security challenge," according to the press release, and 97% of stateside companies have taken "security actions to safeguard their data" due to employees working from home. Security strategies implemented to protect data include "raising employees awareness" (77%), employee cybersecurity training (68%), "monitoring employee devices (47%), the release said.

SEE: Security incident response policy (TechRepublic Premium)

A portion of the report identifies the most common security threats for companies and compares regional differences in these metrics: In order, the top U.S. security threats are phishing (62%), endpoint network attacks (49%) and malware (39%).

Earlier this year, companies started their office reentry plans, but many have paused or delayed these timelines due to the delta variant. According to the ManageEngine survey, a number of companies are making long-term commitments to remote work in some capacity. Virtually all U.S. survey respondents (96%) said they were planning to "stick with remote work for at least the next two years."

Based on the findings, North American executives are taking a less stringent approach to network security compared to businesses in other countries. As the report points out, North America "significantly lags in the use of Zero Trust networks" (19%) compared to organizations in India (49%); this stat is particularly pronounced when juxtaposed alongside the average globally (31%).

SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)

Interestingly, the "U.S. excelled in limiting shadow IT" based on all app purchases requiring IT approval (33%); according to the release, 10% above the average globally. On the flip side, as the executive summary points out, about two-thirds of North American companies "fail to control which software the workforce is buying and installing."

"The results should serve as a wake-up call for organizations to proactively ramp up their security measures through employee training and reinforcing their identity and access management, SIEM and unified endpoint management practices," Kumar said.

Also see