Enterprise security threat level directly linked to user demographics, industry and geography
Aruba Networks, partner company of South Africa's leading value-added distributor, Networks Unlimited, is calling for businesses worldwide to take action as a new mobile security risk report reveals that businesses are ill prepared for the high-risk, high-growth mindset of the #GenMobile workforce, creating alarming disparity around security practices in the corporate world. The chasm that is exposed between age, gender, income level, industry and geographic location has a direct effect on the security of corporate data.
The “Securing #GenMobile: Is Your Business Running the Risk”, security threat study, which questioned over 11,500 workers across 23 countries worldwide, showcases that employee attitudes are swaying towards more sharing of devices yet an indifferent view to security in the workplace. The study also shows that highly regulated and tech savvy industries, higher-earning males, and emerging markets pose the greatest risk to enterprise data security.
Aruba believes three key trends highlight how #GenMobile is paving the way for risk-prone behaviour in the workforce – which can be both good and bad for business.
- Sharing becomes the norm: Six in 10 share their work and personal devices with others regularly. Nearly a fifth of employees don’t have passwords on devices, with 22 percent of those stating they don’t have security measures in place so that they can share more easily.
- Indifferent attitudes towards security arise: Security ranks fifth behind brand and operating system when #GenMobile is making buying decisions for new devices. Nearly nine in 10 (87 percent) assume their IT departments will keep them protected; however, nearly a third (31 percent) have lost data due to the misuse of a mobile device.
- Self-empowerment succeeds: Over half (56 percent) of workers today said they are willing to disobey their boss to get something done, another (51 percent) says that mobile technologies enable them to be more productive and engaged, and over three quarters (77 percent) are willing to perform self-service IT.
“#GenMobile workers are flexible, transparent and collaborative, willing to take action to drive productivity and business growth. That said, these employees are also far more willing to share company data, and are notably oblivious towards security,” says Ben Gibson, CMO of Aruba Networks.
However, as this high-risk culture enters the enterprise, the report finds an alarming level of disparity among industries, individuals and countries when it comes to the treatment of mobile devices and data:
The discrepancy between industries
- Finance is leaking data: Believe it or not, 39 percent of respondents from financial institutions admit to losing company data through the misuse of a mobile device, which is 25 percent higher than the average across all industries surveyed. The public sector (excluding education) is the least likely to report lost or stolen data.
- High tech is at high risk: High tech employees are nearly two times (46 percent) more likely than hospitality or education workers to simply give up their device password if asked for it by IT.
- Teachers need a lesson on security: The study reveals that educators are 28 percent more likely to store passwords on a sheet of paper compared to those in high tech. Educators also score the lowest compared to all other industries when asked if they password-protected their personal smartphones.
Spotting the risky individual
- Males more prone to data theft: Men are 20 percent more likely to have lost personal or client data due to the misuse of a smartphone, and 40 percent more likely than females to fall victim to identity theft.
- Younger employees wreak havoc on company security: Respondents over the age of 55 are half as likely to experience identity theft or loss of personal/client data compared to younger employees. The age bracket with the highest propensity of data and identity theft is employees between 25 and 34 years old.
- Larger salaries linked to greater security risk: Employees earning more than USD60K are more than twice as likely as employees earning less than USD18K to have lost company financial data, and 20 percent more likely to lose personal data due to misuse or theft of a mobile device. Ironically, when offered money, those that earn greater than USD75K were three times as likely to give out their device password as respondents making less than USD18K.
Mapping global risk trends
- High-risk, high growth: The emerging and growth markets of China, Thailand and the United Arab Emirates (UAE) are found to exhibit the highest risk behaviours worldwide, suggesting that greater risk-taking is linked to increased growth and opportunity as much as it relates to security risk.
- West is playing it safe: To support this connection, the least risk-prone countries are the westernised markets, including the USA, UK and Sweden.
The study suggests that businesses may not be prepared for what lies ahead with over a third (37 percent) not having any type of basic mobile security policy in place. Nearly a fifth (18 percent) of employees do not use password protection on their devices, suggesting that employers aren’t enforcing some basic security practices.
Anton Jacobsz, managing director of Networks Unlimited adds, “Businesses operating in Africa need to especially take heed of mobile security as the continent has been acknowledged as a mobile first, PC second region. This means that the majority of people living in Africa access the Internet for the first time through a mobile device – in fact cellphones are more ubiquitous in Africa than electricity.”
Aruba contends that if businesses strategically measure and intelligently manage their security, the more flexible, open methods of working and information exchange that #GenMobile workers bring can drive new business innovation.
“Organisations should strive to build a secure and operational framework for all workers, rather than stifle them. These trends underline that #GenMobile employees continue to be a growing part of the everyday workforce, but they also bring with them some risky behaviours,” says Gibson.
“In a contemporary connected world, firms need to nurture creativity, while at the same time minimise the risk of data and information loss. As a result, employers need to take an adaptive trust approach to connectivity and data security, identifying individual worker preferences that factor multiple layers of contextual information in order to build secure infrastructures around them.”
Using this global data, Aruba has developed an online Security Risk Index tool to allow organisations to benchmark their Mobile Security risk levels relative to organisations in their country and industry.