Archive for Citrix

« Older Entries

The CISA mandates federal patching of Citrix NetScaler flaw by Thursday 

Posted in Commentary with tags , on March 31, 2026 by itnerd

The CISA has added a new Citrix NetScaler appliance vulnerability to its Known Exploited Vulnerabilities catalog and is giving federal agencies till Thursday to remediate the flaw.

The vulnerability (CVE-2026-3055) is caused by inadequate input validation and can be exploited by unauthenticated remote attackers to extract sensitive data from Citrix ADC or Citrix Gateway appliances configured as SAML identity providers.

Denis Calderone, CTO, Suzu Labs provided this comment:

   “Back in 2023 CISA, the FBI, and Australia’s ACSC put out a joint advisory related to CVE-2023-4966, CitrixBleed. That was the same class of vulnerability on the same product family as this new issue, CVE-2026-3055. The issues are memory leaks on NetScaler that let attackers steal session tokens and walk right past authentication, including MFA. We saw LockBit use it to devastating effect against ICBC, Boeing, and DP World, and now we’re looking at another critical memory disclosure flaw on NetScaler. Citrix themselves are warning that exploitation is likely once proof-of-concept code surfaces.

   “An out-of-bounds read on a device like this is particularly dangerous because of where NetScaler sits in the environment. It’s at the network boundary, handling authentication and session management.

   “NetScaler is often used to build a layer of abstraction between the untrusted, semi-trusted and fully trusted security zones within a network. When memory leaks on a device like that, what spills out isn’t random data. It’s potentially session tokens, authentication material, and credentials. These are the things that let attackers bypass every security control sitting behind it. That’s what made CitrixBleed so devastating, and this vulnerability has the same potential.

   “The one piece of good news is that this only affects NetScaler instances configured as a SAML Identity Provider, not default configurations. SOC teams should check right now: search your NetScaler config for ‘add authentication samlIdPProfile’. If it’s there, you’re in scope and you need to patch immediately. If you can’t patch today, consider whether you can disable SAML IDP functionality as a temporary mitigation. Citrix has 21 entries in the CISA KEV catalog at this point. Waiting to see if this gets exploited is not a strategy that has historically worked out with this vendor.”

Jacob Warner, Director of IT, Xcape, Inc. adds this comment:

   “Unpatched gateway appliances are the primary door for initial access brokers and nation-state actors, making this 48-hour remediation window a critical operational priority. This vulnerability allows unauthenticated attackers to bypass security boundaries and harvest credentials or session tokens, effectively turning your identity provider into a pivot point for lateral movement across the entire network. Organizations should immediately identify all Citrix ADC and Gateway instances acting as SAML IdPs and apply the vendor-provided firmware updates before the Thursday deadline.

   “If immediate patching is not feasible, security teams must evaluate whether to disable SAML functionality or place these appliances behind a restrictive VPN to reduce the attack surface. This is not a drill for the weekend; the inclusion in the KEV catalog confirms that active exploitation is already occurring in the wild.

   “Given the history of NetScaler vulnerabilities such as CitrixBleed, the blast radius of a successful exploit likely includes a full bypass of multi-factor authentication (MFA) for downstream applications. Priority should be placed on Internet-facing instances, followed by a comprehensive review of logs for unusual outbound traffic from these appliances.

   “I appreciate CISA giving us a Tuesday warning for a Thursday deadline, though I suspect the “unauthenticated remote attackers” didn’t bother waiting for the official calendar invite.”

Rajeev Raghunarayan, Head of GTM, Averlon said this:

   “Most organizations measure response in terms of time to patch. The real gap is time to decision. Teams often know about a vulnerability, but they don’t know whether it actually matters in their environment.

   “We’ve seen environments with tens of thousands of vulnerabilities where only a handful created meaningful risk based on how they connected to critical systems, especially when identity infrastructure is involved. Without that clarity, everything looks urgent and ends up in the same queue.

   “The organizations moving fastest don’t need external deadlines to act. They can quickly determine what matters and treat those cases as incidents. Others rely on external signals like KEV listings to prioritize, rather than identifying that urgency internally.”

If you organization is affected by this, you need to patch this ASAP because threat actors will not wait to exploit this.

Leave a comment »

Comcast Pwned Via Citrix Bleed Vulnerability… And We’re Talking Epic Pwnage

Posted in Commentary with tags , on December 19, 2023 by itnerd

Comcast’s disclosure is the latest damage from the Citrix Bleed vulnerability. If you’re not familiar with Citrix Bleed, this will get you up to speed. Now back to Comcast getting pwned.

Comcast just disclosed that a breach in their network between October 16 and October 19 disclosed the PII of over 35 million customers.  A reading of the Comcast Customer Notice appears to show the breach was just two weeks after Citrix had released a patch for the critical zero-day Citrix Bleed vulnerability  (CVE-2023-4966) and before they had applied the patch. 

The company said “Xfinity concluded on December 6, 2023, that the customer information in scope included” the following

  • Usernames
  • hashed passwords
  • names
  • contact information
  • last four digits of social security numbers
  • dates of birth
  • secret questions and answers

 HYAS CEO David Ratner said:

   “The criminals are literally waiting for each new zero-day to be discovered because they can pounce faster than patches can be applied.  While an efficient and effective patch strategy is critical for any organization today, it’s also quite simply not enough — operational resiliency must be added at all layers, which includes having the visibility to detect anomalies inside the organization and discover breaches in near real time, so they can be shut down and stopped before data is stolen and damage ensues.”

This is not Comcastic, it’s craptastic. And the thing is that you can expect a lot more of this over the holidays and into the new year. And that’s frightening.

UPDATE: Darren Williams, CEO and Founder, BlackFog had this comment:  

“Third-party vulnerabilities can often result in delayed patching for the company which holds customer data. While Comcast is insisting that no customers have been directly affected or ‘attacked’, this is unlikely as customer data was actively exfiltrated. This breach highlights that any company – small, medium or large – can quickly become a victim of a cyber incident. The key consideration is not “if” a breach will happen, but “when.” This makes it essential to have the proper safeguards in place to prevent data exfiltration. Stopping cybercriminals in their tracks and preventing them from obtaining the one thing they are there for: your data, is the only way to prevent a breach. Additionally, this attack brings emphasis on the need for businesses to strongly consider and assess the security measures of the vendors they work with.  With this mindset, companies can better prepare for the inevitable attack.”

Leave a comment »

“Citrix Bleed” Vulnerability Has The Potential To Be Another MOVEit

Posted in Commentary with tags , on October 31, 2023 by itnerd

Earlier this month, Citrix published a vulnerability discovered in hardware sold by the company and recommended customers updated versions of NetScaler ADC and NetScaler Gateway. A week following the advisory, Mandiant reported that the vulnerability had been used as a zero-day exploit in the wild as early as August 2023, observing exploitation at professional services, technology, and government organizations. The vulnerability is currently being actively exploited by threat actors with a severity rating of 9.4 out of 10, and bypassing multifactor authentication. Which makes this very bad. And it has been dubbed “Citrix Bleed”.

Avishai Avivi, CISO, SafeBreach

It is always bad news when a vulnerability comes under mass exploitation. As the Clop ransomware group’s exploitation of GoAnywhere and MoveIT showed, this will often result in millions of compromised records. This recent Citrix NetScaler vulnerability may become the next mass exploit with some notable differences.

NetScaler, unlike the software mentioned above, is specifically meant to serve as a security device. The mechanism that threat actors are exploiting, the Multi-Factor Authentication (MFA) mechanism, is itself a mechanism that boosts the overall security of the device. The other notable aspect is the timeline surrounding this particular vulnerability. More specifically, security researchers reported exploitation of this vulnerability to Citrix in late August 2023. Citrix released a patch and bulletin on October 10, 2023. Several reports show that, as of today, nearly three weeks after the bulletin, thousands of Citrix NetScaler devices remain unpatched and vulnerable.

I view Citrix’s response with mixed feelings. On the one hand, they promptly issued a patch for a critical vulnerability. On the other, they were too relaxed in communicating the urgency of this patch to their customers. This lack of urgency gets compounded when network and security administrators responsible for these devices fail to patch high and critical severity vulnerabilities. This failure indicates a flawed vulnerability management program. Critical and high-severity vulnerabilities should never remain unpatched or unmitigated for over a week, let alone three.

Tom Marsland, VP of Technology, Cloud Range

This vulnerability, designated CVE-2023-4966, now nicknamed “Citrix Bleed,” demonstrates what can happen when devices go unpatched. It’s not important enough that organizations track and remediate vulnerabilities. They must prioritize them, which means having cybersecurity experts who understand the vulnerabilities and the risk their company is under with these vulnerabilities. This goes to highlight the cybersecurity shortage occurring at the mid-level across the industry.

This vulnerability has a CVSSv3 score of 9.4 – it was first observed in late August, and a patch was released on October 10th. Three weeks should be plenty of time to investigate vulnerabilities and patch them in (at least) the public-facing environment – the fact that this is not occurring on some estimated 20,000 cases, again, highlights poor vulnerability management/asset tracking programs and an understaffed cybersecurity workforce at large.  Not until we push cybersecurity education further down into our K-12 school systems and provide hands-on, competency-based training for our industry professionals, do I think we’ll truly be able to wrap our hands around this problem.

I am now just bracing myself for a new round of ransomware attacks because of this vulnerability on a similar scale of what has been seen with MOVEit. This sort of situation I used to think was the worst case scenario. But now it seems to be the norm. And that’s bad for all of us and needs to change.

Leave a comment »

Mass Exploitation Campaign Backdoors Almost 2000 Citrix NetScalers 

Posted in Commentary with tags , on August 17, 2023 by itnerd

A hacking group has exploited a critical vulnerability in Citrix NetScaler servers to compromise close to 2,000 servers in a massive campaign, before patches could be applied.

As of 8/14 Fox-IT researchers report that of some 31,127 vulnerable servers, more than 1,900 remain “backdoored” and of those found, 1,248 had already been patched, but were never checked for signs of successful exploitation.

The vulnerability, tracked as CVE-2023-3519, allows hackers to execute arbitrary code on the servers without authentication allowing them to do anything they want on the servers, including steal data, install malware, or disrupt operations.

Main Takeaways:

  • A set of vulnerabilities in NetScaler, one of which allows for remote code execution, were disclosed on July 18th. This disclosure was published after several security organizations saw limited exploitation of these vulnerabilities in the wild.
  • Fox-IT (in collaboration with the Dutch Institute of Vulnerability Disclosure) have scanned for these webshells to identify compromised systems. Responsible disclosure notifications have been sent by the DIVD.
  • At the time of this exploitation campaign, 31127 NetScalers were vulnerable to CVE-2023-3519.
  • As of August 14th, 1828 NetScalers remain backdoored.
  • Of the backdoored NetScalers, 1248 are patched for CVE-2023-3519.

David Mitchell, Chief Technical Officer, HYAS had this to say:  

“Unfortunately, this is far from the first time this has happened in recent memory. In previous campaigns, attackers gained footholds within F5, Fortinet and VMware appliances through exposed management interfaces in order to avoid detection by EDR software.  

“Regardless if the exploit is already in the wild, customers are expected to monitor their devices for the IOCs before and after the patch is applied — which is obviously not at an acceptable level. The reason for this gap may be education, outsourced managed devices or division of security labor within an organization, but I do not expect attacks on network devices to stop anytime soon.”

Clearly simply patching everything isn’t enough. You also have to make sure that the bad guys aren’t already in. Which means that you need to take more rigorous steps to make sure that you’re not on the wrong end of a headline.

Leave a comment »

IT Leaders Prioritize Secure Remote Work: Citrix

Posted in Commentary with tags on January 19, 2022 by itnerd

Two years ago, IT leaders were forced into remote work. Many viewed it as a temporary experiment. Today, they see it for what it is: the future of work. And they’ve made it their top priority. According to the results of a Pulse survey conducted by Citrix Systems, Inc., 100 percent of 400 IT and security leaders across North America, EMEA, and APAC have adopted the hybrid model, and rank enabling it as job number one for their organizations.

Leading the Charge

Business leaders who once bristled at the idea of remote work because they didn’t think employees could deliver outside the office now see the benefits it can deliver in terms of employee productivity and experience. They are calling on IT to enable it, and as revealed by the Citrix-Pulse survey, they’re answering.

When asked to rank their top five priorities over the next five years, respondents said:

  • Enabling distributed collaboration
  • Ensuring always-on availability
  • Empowering individual focus
  • Providing a consistent, consumer-like experience from device to device and location to location
  • Automating work

Leaping Hurdles

But they’ll face some challenges in executing. When asked to identify the top obstacles to driving digital transformation, Citrix survey participants cited:

Lack of understanding the needs across the business to effectively prioritize investments (41 percent)

Cumbersome, complex infrastructure (34 percent)

Lack of investment in cloud (24 percent)

Security is also a concern. When asked what they see as the top risks opened by remote and hybrid work, those polled called out:

  • Ransomware attacks (41 percent)
  • Insider threats (18 percent)
  • API/software breaches and vulnerabilities (16 percent)
  • Phishing and cloud-related attacks (15 percent)

And, their teams are stretched to the max, with respondents noting:

  • 70 percent are working more hours
  • 56 percent are leaving
  • 50 percent are experiencing decreased productivity
  • 49 percent are less satisfied with their jobs
  • 24 percent are disengaged

Pushing Forward

How do the leaders polled plan to overcome these challenges? By focusing on seven key things:

  • Bridging the cybersecurity gap (32 percent)
  • Managing the pace of digital acceleration with cybersecurity investment (29 percent)
  • Zero Trust Network Access (14 percent)
  • Vendor consolidation/simplification (13 percent)
  • Security AI and automation (7 percent)
  • App/API protection and/or browser isolation for SaaS and web apps (3 percent)
  • Acceleration to SASE (2 percent)

You can find the full survey here.

Leave a comment »

Guest Post: Investment in tech hit $670 billion across the globe, what does it mean for innovation in the next 12 months?

Posted in Commentary with tags on December 15, 2021 by itnerd

By David ByerlyVP & Country Manager, Canada

Over the past year, the adoption of technology by businesses around the world seeking ways to adapt to a new way of working skyrocketed. This has resulted in a $678 billion boost in revenue among technology providers, according to a new Citrix new study – The Era of Hyper Innovation

Of those surveyed, nine in 10 business leaders say that the rollout and adoption of new, pandemic-inspired work tools have vastly improved the way individuals and teams interact. But business leaders aren’t stopping there. As a result of their investments, 80% say they expect their organization to enter a stage of hyper-innovation over the next 12 months.

What is driving this acceleration of innovation?

Despite the many concerns business leaders had going into the pandemic, we are seeing boosts in revenue, productivity, and innovation. According to Citrix’s study, the biggest factor has been rethinking how we work due to remote work models.

Ninety-three per cent (93%) of those polled stated that increased digital collaboration has led to more diverse voices from across the organization being heard and a greater range of ideas being exchanged. Eighty per cent (80%) said that they, themselves, have had more creative ideas during the pandemic given they have more free time to think.

Innovation alone isn’t enough

While a commitment to innovating how work gets done is encouraging, it’s important to realize the broader impact this will have on employees. Organizations must also put in place policies that create an equitable environment to avoid the potential for a “Digital Divide” amongst their employees. 

The digital divide is a concept that, when implementing a hybrid or remote working model, you may inadvertently create the serious risk that your workplace will be rife with inequity and unfair or unintentional biases.

Since the onset of the pandemic, employees have had equal access (or lack of access, depending on how well managed your business was) to management for support and guidance, as well as their co-workers for collaboration and advice. This occurred through online collaboration tools that everyone had access to. 

As the return to the office continues, some employees are choosing to remain at home as much as possible. The playing field will no longer be balanced. The biggest struggle for businesses moving forward will be to maintain that equity, allowing productivity and employee wellbeing to continue, while ensuring a seamless and successful transition to hybrid working models.

What does this mean for the future of innovation?

As businesses continue to push through the pandemic, the proven success of adopting new technologies will play a large role in their future strategies. Sixty-nine per cent (69%) of the business leaders surveyed say they will increase investment in R&D in the next 12 months. As they do so, businesses must be prepared to succeed and support their team. 

There are technologies specifically designed to do this already. They can empower all of your employees – no matter where they are working from – to be able to equally engage and collaborate in order to drive the growth and innovation your business needs. Now is the time to truly evaluate your organization from top to bottom and begin strategizing for the future of work you and your team want to see in your business.

Leave a comment »

Business in Canada In 2022: An Outlook From Citrix’s New Head Of Canada

Posted in Commentary with tags on December 4, 2021 by itnerd

With 2021 winding down quickly, here’s some predictions on the outlook for business in 2022 and the trends that are expected to continue and those that are expected to emerge from David Byerly – Citrix’s new head of Canadian operations.

Much of what we saw this year was an extension of the trends forced upon businesses of all types by the pandemic – most notably the new ways of working – but going into 2022 many are wondering what the post-pandemic business world will look like. Here’s David’s thoughts:

Virtual Business Is Here For Good

Employees and business leaders alike have adapted to remote and hybrid work models and come to see the benefits flexible work can have on employee engagement and productivity, work-life balance and mental health, talent recruitment and retention, operating costs, and even the environment.
And now, we can see that flexible work models are not going away anytime soon, with research showing 90 percent want to continue to do it going forward.

To facilitate this, businesses will begin designing and implementing purpose-built digital workspaces in which employees can securely and reliably access the apps and data they need to perform their job and collaborate with their team, no matter where they are working from. 

And these workspaces will be supported with policies that encourage equitable working methods to ensure no employee is at a disadvantage to contribute to the business and advance their careers because of where they happen to be.

A Hybrid Class Of Jobs Will Emerge

Over the last decade or so, we witnessed a large number of knowledge workers leaving their corporate jobs for consulting and freelance work, which created what many called “the gig economy”.

And just as work has transitioned to hybrid models, so too will we see a new class of hybrid jobs emerge, with the flexibility of work that so many of us now desire and expect being combined with the stability and benefits so often associated with corporate positions.

By leveraging hybrid work models and digital technologies, companies create a new class of “gigs with benefits” that provide the flexibility and autonomy freelance, contract and gig workers crave, along with the stability that has become increasingly attractive as the pandemic wears on. 

An Unprecedented Wave Of Innovation And New Tech

Every year brings new technologies and 2022 will be no exception. If anything, this next year will actually bring more innovation and new tech than any year ever before.

Innovation took centre stage in 2020 and 2021 – as businesses were forced to implement new technologies if they wanted to survive the pandemic – and research showed that investments in new technology and flexible work models over the last year fueled a $678 billion boost in revenue across industries. 

And with 69 percent of business leaders around the world saying they will increase investment in R&D in the next 12 months to sustain this growth, this trend of innovation and new tech is set to continue and even increase in intensity.

Of the many varying areas of technology, expect to see the following tech trends emerge all across the business world: parallel internets, hyper-automation, more accessible AI, decentralization, and the metaverse.

It will be interesting to see how many of these predictions come true in 2022. My guess is most if not all of them will come true.

Leave a comment »

Citrix Expands Secure Access Solutions to Empower Hybrid Work

Posted in Commentary with tags on October 5, 2021 by itnerd

Employees today expect the freedom to choose where and how they work and a seamless, productive experience. IT is on the hook to deliver on this, all while keeping things secure. It’s a tall order to fulfill. And Citrix Systems is expanding its secure access solutions to help do it. The company today announced the launch of Citrix Secure Private Access™, a new cloud-delivered, Zero-Trust Network Access (ZTNA) service that protects access to apps and data from managed, unmanaged and Bring-Your-Own (BYO) devices, enabling employees to work the way they want in a secure, reliable and productive manner, wherever they happen to be.

IT wants to accommodate what users want, but traditional solutions make it difficult.

This is exactly what Citrix Secure Private Access is designed to enable. 

Enabling Secure, Productive Hybrid Work

Leveraging new adaptive authentication and access policies in conjunction with security controls, including watermarking, preventing clipboard access, protection from keylogger and screen capturing malware and browser isolation, Citrix Secure Private Access provides simple, contextual access to all apps and data employees need to perform at their best in a consistent, reliable manner. Using the service, IT can: 

  • Provide access to users based on zero trust principles of least privilege access
  • Enable security controls to allow flexibility and choice in devices used to get work done 
  • Support all access types and work scenarios
  • Keep access to all application types, including TCP, browser-based and VDI, secure in a unified manner across multi-cloud environments

And they can do it in a way that is completely transparent to employees, allowing them to work free from complexity and distractions with the confidence that their information and devices are safe.

Enhancing the Employee Experience

They can also remove the friction and frustration from work caused by everything from the need for employees to manage multiple logins and install multiple end point agents to restrictions on devices they can use and locations they can connect from by providing instant and seamless access to apps using native browsers or using an agent on any device. 

Moving to Zero-Trust and Modern IT

Citrix Secure Private Access is also uniquely designed to enable the modern, zero-trust approach to securing apps that remote work environments demand as it:

  • Adaptively grants least-privilege access based on user behaviors and access patterns
  • Continuously monitors and assesses user activities and automates security controls based on anomalies detected
  • Provides unified management and distributed enforcement across the entire environment

Citrix Secure Private Access is the latest addition to Citrix’s portfolio of secure access offerings, which when used in conjunction with Citrix Secure Internet Access™Citrix SD-WAN™ and Citrix Web App and API Protection™, provide a unified, comprehensive approach to securing  apps and data while improving the employee experience and simplifying operations.

Click here to learn more about these solutions and the value they can deliver for your organization.

Leave a comment »

Citrix Survey Provides Insights Into Actions Canadian Businesses Can Take To Attract & Retain Talent

Posted in Commentary with tags on September 29, 2021 by itnerd

Canadian companies may struggle with a potential talent shortage if they do not address workers’ preferences, including remote and flexible work options. According to a survey conducted by Citrix Systems, Inc. 40 percent of Canadian office workers surveyed have left or are considering leaving their jobs. So what are employees looking for? And what can enterprises do to mitigate its impact?

Among the key findings of the Citrix survey:

Flexibility is Key

Today’s workers prefer flexible arrangements that give them the freedom to choose where they work best, including at home, in the office or on the road. 

  • 83 percent of respondents said it was “very” or “somewhat” important that they be able to work from anywhere
  • 49 percent said they would accept a pay cut in return for the ability to do so
  • Canada is leading the U.S. in this regard – 37 percent of Canadian knowledge workers state they currently have the option to fully work remotely compared to only 19 percent in the U.S. 

Employee Experience has Never Mattered More

Modern workers want to engage in innovative work, be productive and make meaningful contributions to the business that are valued – without interference from complex technology and processes. As the Citrix survey reveals, they’re likely to move on if they can’t:

  • 27 percent of workers polled left jobs for positions that provide more opportunities to innovate and try new things
  • 26 percent were not engaged in or passionate about their former role
  • 31 percent were frustrated by overly complicated technology and processes
  • 33 percent believe they can do more meaningful work in their new roles
  • 33 percent feel their contributions are valued and recognized

Fear of the Digital Divide is Real

The global pandemic has made clear that remote work can boost employee engagement and productivity. But as companies transition to hybrid models, there is fear it will open a new digital divide. 

Respondents to the Citrix poll support this notion:

  • 34 percent believe remote employees will be at a career disadvantage for not working out of a central office location
  • 53 percent think they will be less likely to be considered for promotion/advancement opportunities

In addition to revealing why workers are leaving jobs, the Citrix survey also sought to understand what keeps them around. Of the respondents who indicated they have not changed jobs: 

  • 48 percent like what they do
  • 46 percent say their benefits are competitive and beyond financial security, provide for their physical and mental well being
  • 42 percent can work flexibly
  • 34 percent are afraid to make a change given the ongoing uncertainty
  • 29 percent feel trusted and empowered to work when and how they work best

Citrix provides a complete digital workspace platform that companies can use to enable hybrid work and create the space employees need to succeed, wherever they happen to be. Click here to learn more about the company’s solutions and how they can empower your team to be and do their best. 

Leave a comment »

Canadian Employees Still Trying To Adapt To Remote Work After One Year Of The Pandemic: Citrix

Posted in Commentary with tags on March 15, 2021 by itnerd

New research from Citrix revealed that 75% of Canadian workers would like to be given the option of working at home or at the office once the pandemic ends. But if remote work is here to stay, then companies must ensure they are creating a corporate culture that promotes physical and mental wellbeing and offer greater flexibility in the way their employees work.  

According to the study, a majority of Canadian employees want to continue some form of remote work upon return to the office, but working from home has taken a toll on them. Forty-nine per cent (49%) of Canadian office workers declared that their physical wellbeing was worse or much worse since the onset of the pandemic, and 57% said the same regarding their mental wellbeing. 

Company Culture Matters

As a result of the negative impact the past year has taken on employees, Canadian office workers are seeing great value in working for a company whose culture promotes the upkeep of physical and mental wellbeing; as almost all of those surveyed (97%) declared that a company that promotes wellbeing matters to them.

Company culture can be reinforced by many different departments or positions within a company (management, HR, IT), yet none seem to have risen to the levels of support that their workforces feel is required. Of those surveyed, only 23% felt very supported by their organization as a whole, with 32% feeling very supported by their management, 22% feeling very supported by their IT department, and 16% feeling very supported by their HR department. 

When asked what factors play into establishing and maintaining a good company culture, 71% felt that leadership is the most important factor, followed by 43% that felt that flexible work environments and schedules can contribute positively to the culture of a company.    

A Hybrid Return to the Office

Despite the difficulties they experienced working remotely, most employees still want to keep doing it.  When asked what their feelings were towards continuing to work remotely, 58% of respondents said they would like a hybrid model where they can choose whether to work remotely or from the office each day, 17% have no interest in returning to an office; while only 16% stated they would like to return to working in an office each day. 

Remote work has also now become a main factor when employees are looking for new employment or deciding to stay in their current role. Sixty-three per cent (63%) of employees agreed that they would only accept a new job if it offered flexible or remote work options, and most surprisingly, 38% would accept up to a 20% reduction in pay compared to what they are making now if the new role offered remote work models. Overwhelmingly, 73% of employees agreed that businesses will lose out on talent if they don’t offer flexible or remote work. 

Methodology:

The poll – commissioned by Citrix and conducted by OnePoll – questioned 500 Canadian office workers, asking about their views on their current working situation, company culture, and the impact of the pandemic on their wellbeing, career and work/life balance. The poll was conducted between February 2, 2021 and February 15, 2021. 

Leave a comment »

« Older Entries