SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Research shows workplace AI use outpaces security measures

Fri, 4th Oct 2024

Recent research conducted by Ivanti has highlighted a significant gap between the rise in the use of generative artificial intelligence (Gen AI) in the workplace and the preparedness of security teams to mitigate associated risks. The report, titled "Securing the Digital Employee Experience," presents findings that underscore the necessity for better integration of user experience considerations in cybersecurity strategies.

The report states that while 75% of workers are utilising Gen AI in their roles, an overwhelming 81% have not received training on these technologies. In addition, there is a notable 15% of employees who are reportedly using unsanctioned AI tools. This lack of formal training and reliance on unsanctioned applications introduces potential security vulnerabilities, as employees may inadvertently expose their organisations to cyber risks.

Security professionals appear to be aware of these risks, but few are prioritising user experience in their security measures. Only 13% of those surveyed consider user experience to be a mission-critical priority when implementing cybersecurity technologies. According to Mike Riemer, Ivanti's Field CISO, "Although harmless in the moment, employees typically opt for convenience and put security on the back burner. Companies should adopt security measures that reduce the temptation for employees to sidestep protocols and use unsafe workarounds. Strong security shouldn't come at the cost of user experience."

The report also reveals that half of all office workers use personal devices to connect to work networks, with 32% of these workers admitting that their employers are unaware of this practice. This highlights a critical oversight in current IT security strategies, whereby personal device usage could bypass organisational security controls, posing potential threats to data integrity and privacy.

Ivanti's research indicates that 86% of IT professionals agree poor digital experiences lead to unsafe workarounds. However, this is compounded by the fact that nearly one third of security and IT professionals have no formal strategy to manage Gen AI risks. This is further complicated by inadequate consultation of Chief Information Security Officers (CISOs) in planning and investment decisions related to Digital Employee Experience (DEX). Only 38% of companies reportedly involve their CISO in such decision-making processes.

The use of secure technologies also varies, with only 62% of organisations employing Virtual Private Networks (VPNs) or zero-trust access solutions to protect sensitive information. Furthermore, the adoption of multi-factor authentication remains at just 57%, suggesting that more comprehensive security measures could be implemented across various sectors.

The report stresses the importance of a balanced approach that incorporates both effective cybersecurity measures and a positive digital experience for employees. This balance is crucial, according to Ivanti, to prevent security bypass attempts by frustrated employees, thereby maintaining both productivity and security integrity.

Ivanti's study involved more than 20,000 IT professionals, executives, office workers, and security personnel worldwide. Their findings suggest that while the integration of Gen AI tools is growing, the necessary security modifications are lagging, which could potentially compromise organisational cybersecurity health. The study serves as a call to action for security teams to reassess their strategies and ensure they are aligned with both organisational and user needs.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X