CFOtech UK - Technology news for CFOs & financial decision-makers
Story image
UK businesses at risk as employees download apps without consent
Wed, 8th Nov 2023

UK businesses are at risk due to employees downloading apps without permission from their organisations, according to new research.

New research by asset-intelligence cybersecurity company Armis has found that some 67% of employees in the United Kingdom are putting their businesses at risk by downloading app and software onto their devices without gaining consent. This is reportedly happening without the knowledge or management of IT or security teams, leaving businesses exposed to potential cyber threats.

The research also highlighted that 78% of IT and security teams are reporting a lack of control and management over employee-owned assets. This is concerning as it creates vulnerabilities within businesses and a plentiful environment for cyber threats to flourish.

Alongside this, the research found that 39% of organisations feel challenged by the UK's increasingly complicated regulations and governance requirements. Larger companies are identifying the need for rapid adaptation to these stringent regulations that are moving away from traditional check-the-box obligations.

Curtis Simpson, CISO at Armis, emphasised the importance of policy enforcement. It prevents substantial compliance and security breaches. Simpson said, "Lack of policy enforcement can contribute to gaps requiring urgent remediation while also further complicating an organisation's attack surface."

Key findings from the Armis research, which was developed in association with Vanson Bourne, highlight the issues of asset visibility and management within the workplace. This includes the worrying finding that many businesses have limited visibility over employee-owned assets (77%) and company-owned assets (39%) connected to their networks.

United Kingdom organisations' networks have about 45,000 different assets connected daily, according to the findings. Also, just half (51%) of organisations have enforced a Bring Your Own Device (BYOD) policy amongst their employees. A further 69% of respondents acknowledged the need for their organisation to implement better policies and procedures to deal with security vulnerabilities, the research revealed.

David Critchley, Regional Director UKI, Armis, states, "Companies need to prioritise security across the entire organisation, including employee-owned devices, to mitigate risk.

"This can't be done manually, there are just too many assets with potentially unknown vulnerabilities," he said.

Critchley added that automation is the key method for bridging the security skills gap, managing the security posture at scale, and providing a holistic view of the entire attack surface.

The research was conducted in collaboration with independent market research agency Vanson Bourne and surveyed 900 IT security and IT decision-makers, including 150 respondents in the UK, and others across the US, Germany, France, Singapore, Australia and New Zealand.