For years companies have invested, and continue to invest, in security systems and policies to protect against external threats. The reality is that internal threats, whether as a result of lack of care or a conscious effort on some employees also pose significant threat to the security of the organization including the data assets it holds most precious. With BYOD now a mainstay in many enterprises, vigilance against internal threats should take on greater importance as an infected smartphone brought to work can potentially connect and gain access to company information once it becomes part of the connected devices behind the company firewall.
The study also reveals that 63% in Malaysia share their devices regularly and 71% believing that mobile technologies enable them to be more productive.
Aruba Networks, Inc. (NASDAQ: ARUN) is calling for businesses worldwide to take action as a new mobile security risk report reveals that businesses are ill prepared for the high-risk, high-growth mindset of the #GenMobile workforce, creating alarming disparity around security practices in the corporate world. The chasm that is exposed between age, gender, income level, industry and geographic location has a direct effect on the security of corporate data.
The “Securing #GenMobile: Is Your Business Running the Risk” security threat study, which questioned over 11,500 workers from across 23 countries including Malaysia, showcases that employee attitudes are swaying towards more sharing of devices yet an indifferent view to security in the workplace. The study shows that the younger males especially those in the high tech and finance industries in Malaysia pose the greatest risk to enterprise data security.
Aruba believes three key trends highlight how #GenMobile is paving the way for risk-prone behavior in the workforce – which can be both good and bad for business.
· Sharing becomes the norm:
o Global - Globally, six in ten share their work and personal devices with others regularly. Nearly a fifth of employees do not have passwords on devices, with 22% of respondents stating that they do not have security measures in place so that they can share more easily.
o Malaysia - In Malaysia, similar to global, six in ten of the respondents share their work and personal devices with others regularly. Also, about 29% of the respondents do not have security measures in place enabling them to share easily.
· Indifferent attitudes towards security rise
o Global - Security ranks fifth behind brand and operating system when #GenMobile is making buying decisions for new devices. Nearly nine in ten (87%) of respondents assume their IT departments will keep them protected; however, a third (31%) have lost data due to the misuse of a mobile device.
o Malaysia - Security ranks third among respondents in Malaysia for device purchase decision making. A high 82% of respondents here believe IT departments will keep them protected. 40% in Malaysia admit to having lost data due to misuse of mobile device.
· Self-empowerment succeeds:
o Global - Over half (56%) of workers today say they are willing to disobey their boss to get something done, another 51% say that mobile technologies enable them to be more productive and engaged, and over three quarters (77%) are willing to perform self-service IT.
o Malaysia - In Malaysia, more than half (62%) say they will disobey their boss to get something done, and 71% say mobile technologies enable them to be more productive and engaged. Interestingly, 81% of the Malaysian respondents say they are willing to perform self-service IT.
“#GenMobile workers are flexible, transparent and collaborative, willing to take action to drive productivity and business growth. That said, these employees are also far more willing to share company data, and are notably oblivious towards security,” said Beverly Lu, Senior Director of Marketing, Asia Pacific Japan, Aruba Networks.
However, as this high-risk culture enters the enterprise, the report finds an alarming level of disparity among industries, individuals and countries when it comes to the treatment of mobile devices and data:
The Discrepancy Between Industries
· Finance is leaking data:
o Global - Believe it or not, 39% of global respondents from financial institutions admit to losing company data through the misuse of a mobile device, which is 25% higher than the average across all industries surveyed. The public sector (excluding education) is the least likely to report lost or stolen data.
o Malaysia - In Malaysia, a high 39% of the workers in the finance industry report loss of personal data and 23% admit to identify theft. It is the hospitality sector (excluding education) that is least likely to report lost or stolen data in Malaysia
· High tech is at high risk:
o Global - High tech employees globally are nearly two times (46%) more likely than hospitality or education workers to simply give up their device password if asked for it by IT.
o Malaysia - Comparable with the global respondents, Malaysia high tech employees are two times (42%) more likely to give out their passwords if asked by IT compared to workers in the education sector.
· Finance professionals and teachers need a lesson on security in Malaysia:
o Global - The study reveals that educators globally are 28% more likely to store passwords on a sheet of paper compared to those in high tech. Educators also score the lowest, compared to all other industries, when asked if they password-protect their personal smartphones.
o Malaysia - Finance professionals (34%) and educators (17%) in Malaysia are most likely to store passwords on a sheet of paper compared to other industries. They also scored the lowest when asked if they password protect their personal smartphones.
Spotting the Risky Individual
· Females in Malaysia more prone to data theft:
o Global - Men are 20% more likely to have lost personal or client data due to the misuse of a smartphone, and 40% more likely than females to fall victim to identity theft.
o Malaysia - In contrast, women in Malaysia (26%) are more likely to have lost personal data due to the misuse of a smartphone compared to men (20%). Women here are also more prone to identify theft.
· Younger employees wreak havoc on company security:
o Global - Respondents over the age of 55 are half as likely to experience identity theft or loss of personal/client data compared to younger employees. The age bracket with the highest propensity of data and identity theft are employees between 25 and 34 years old.
o Malaysia - Respondents over age of 55 in Malaysia are six times less likely to experience identity theft or loss of personal / client data compared to younger employees. It is the 25-34 years old group that are prone to losing their personal data.
· Larger salaries linked to greater security risk:
o Global - Employees earning more than USD60K are more than twice as likely as those earning less than USD18K to have lost company financial data and 20% more likely to lose personal data due to misuse or theft of a mobile device. Ironically, when offered money, those that earn greater than USD75K were three times as likely to give out their device password as respondents making less than USD18K.
o Malaysia - Employees in Malaysia who make more than USD60K are six times as likely to have lost company financial data and two times as likely to have lost personal data compared to those making less than USD18K. However, the higher income earners are not willing to give up their device password when offered them with money.
Mapping Global Risk Trends
· High-risk, high growth: The emerging and growth markets of China, Thailand and the United Arab Emirates (UAE), are found to exhibit the highest risk behaviors worldwide suggesting that greater risk-taking is linked to increased growth and opportunity as much as it relates to security risk.
· West is playing it safe: To support this connection, the least risk-prone countries are the westernized markets, including the USA, UK and Sweden.
Businesses lacking adaptability
The study suggests that businesses may not be prepared for what lies ahead with over a third (37% globally and 26% in Malaysia) do not have any type of basic mobile security policy in place. Nearly a fifth (18%) of employees globally and 11% in Malaysia, do not use password protection on their devices, suggesting that employers are not enforcing some basic security practices.
Aruba contends that if businesses strategically measure and intelligently manage their security, the more flexible, open methods of working and information exchange that #GenMobile workers bring can drive new business innovation.
“Organizations should strive to build a secure and operational framework for all workers, rather than stifle them. These trends underline that #GenMobile employees continue to be a growing part of the everyday workforce, but they also bring with them some risky behaviors,” said Lu.
“In a contemporary connected world, firms need to nurture creativity, while at the same time minimize the risk of data and information loss. As a result, employers need to take an adaptive trust approach to connectivity and data security, identifying individual worker preferences that factor multiple layers of contextual information in order to build secure infrastructures around them.”
Run Your Risk
Using this global data, Aruba has developed an online Security Risk Index tool to allow organizations to benchmark their Mobile Security risk levels relative to organizations in their country and industry.