CFOtech UK - Technology news for CFOs & financial decision-makers
United Kingdom
Guides
#
big data
#
business intelligence
#
cybersecurity
#
digital transformation
#
work from home
Search
Story image
#
Advanced Persistent Threat Protection
#
Apps
#
Armis
UK businesses at risk as employees download apps without consent
Wed, 8th Nov 2023
Author image
By Shannon Williams, Journalist
Follow us

UK businesses are at risk due to employees downloading apps without permission from their organisations, according to new research.

New research by asset-intelligence cybersecurity company Armis has found that some 67% of employees in the United Kingdom are putting their businesses at risk by downloading app and software onto their devices without gaining consent. This is reportedly happening without the knowledge or management of IT or security teams, leaving businesses exposed to potential cyber threats.

The research also highlighted that 78% of IT and security teams are reporting a lack of control and management over employee-owned assets. This is concerning as it creates vulnerabilities within businesses and a plentiful environment for cyber threats to flourish.

Alongside this, the research found that 39% of organisations feel challenged by the UK's increasingly complicated regulations and governance requirements. Larger companies are identifying the need for rapid adaptation to these stringent regulations that are moving away from traditional check-the-box obligations.

Curtis Simpson, CISO at Armis, emphasised the importance of policy enforcement. It prevents substantial compliance and security breaches. Simpson said, "Lack of policy enforcement can contribute to gaps requiring urgent remediation while also further complicating an organisation's attack surface."

Key findings from the Armis research, which was developed in association with Vanson Bourne, highlight the issues of asset visibility and management within the workplace. This includes the worrying finding that many businesses have limited visibility over employee-owned assets (77%) and company-owned assets (39%) connected to their networks.

United Kingdom organisations' networks have about 45,000 different assets connected daily, according to the findings. Also, just half (51%) of organisations have enforced a Bring Your Own Device (BYOD) policy amongst their employees. A further 69% of respondents acknowledged the need for their organisation to implement better policies and procedures to deal with security vulnerabilities, the research revealed.

David Critchley, Regional Director UKI, Armis, states, "Companies need to prioritise security across the entire organisation, including employee-owned devices, to mitigate risk.

"This can't be done manually, there are just too many assets with potentially unknown vulnerabilities," he said.

Critchley added that automation is the key method for bridging the security skills gap, managing the security posture at scale, and providing a holistic view of the entire attack surface.

The research was conducted in collaboration with independent market research agency Vanson Bourne and surveyed 900 IT security and IT decision-makers, including 150 respondents in the UK, and others across the US, Germany, France, Singapore, Australia and New Zealand.

Related stories
How to ensure your finance transformation project is an unqualified success
Hyland pioneers AI updates for increased efficiency & automation
High Performance Podcast duo to keynote Infosecurity Europe conference
Public sector leaders champion digital experiences
IT leaders leaning on outsourcing for DMARC implementation
Top stories
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
Dropbox unveils new features for remote work, enhances Microsoft integration
New report reveals stark divide in global AI progression
Global CIO study shows AI adoption is a pressing issue