Bring your own danger?

New data reveals organisations do not have sufficient visibility into the devices used by employees.

  • Monday, 9th November 2020 Posted 4 years ago in by Phil Alsop
New research from STX Next, Europe's largest software house specialising in Python software development, has revealed over half (51 per cent) of global organisations still do not have a Bring Your Own Device (BYOD) policy in place across their business. This is despite a widespread shift to home working and its continued prevalence as restrictions tighten across Europe. 


The findings were taken from STX Next’s recent Global CTO Survey. 250 CTOs from around the globe were surveyed to understand the biggest challenges facing their business, what technologies are being invested in and the methods deployed to manage both internal and external teams. Key findings from the investigation included:

·       Almost 80 per cent of participants do not have a dedicated team or department providing security services to the organisation. 

·       40 per cent of organisations are using specialised companies for security and cybersecurity

·       For those organisations with a BYOD policy, 13 per cent do not even use multi-factor authentication. 

·       Despite the container ecosystem blooming, almost half of respondents do not have special guidelines in place for container security, with 47 per cent claiming they do not check the security of containers. 

Discussing these findings, Maciej Dziergwa, Chairman of STX Next, says, “The data obtained from our survey brought to light some interesting (and concerning) realities around the approach organisations have towards cybersecurity. 

“Unfortunately, it seems many still see security as a cost rather than an investment. With remote working becoming one of the most tangible impacts of the coronavirus pandemic,

most businesses do not have sufficient visibility of the devices used by employees, and whether these devices are secure enough for accessing company data. This therefore increases the attack surface for cybercriminals to target. It’s imperative businesses take measures to address these insufficiencies. 

“Devices must be securely connected to the corporate network and remain in the employee’s possession. Helping to manage device security – which should include embracing multi-factor authentication at every opportunity – will help security teams maintain the highest levels of vigilance.”

Dziergwa continues, “Additionally, the findings highlighted the inadequacies of container security. This poses a massive risk to not only the business but, critically, the customers they serve: the prospect of malware being installed in a container which is then uploaded to a customer production environment would be devastating.” 

Concluding, Dziergwa says, “While it is important to caveat that, for smaller organisations cyber security spend is significant, failure to invest in cyber security in the current climate is no longer an option. Covid-19 has shifted the landscape – more employees are working from home meaning many more devices are connecting remotely. As a result, organisational control over security is likely not as strong as it once was. It is critical therefore, steps are taken to build policies to ensure employees are working securely, without hindering their ability to do their jobs.”