According to a global study commissioned by Blue Coat Systems, and undertaken by Vanson Bourne, there’s a global trend of employees ignoring cyber risks to their companies and organisations, despite typically being fully aware of the risks.
Over 60% of global respondents to the survey view using a new application without the IT department’s consent as a serious cyber-security risk to the business, but in Australia just 14% admitted doing it without permission.
Blue Coat CISO ANZ Damien Manuel says the research found the actions of employees to be at odds with their awareness of the growing cyber threats facing the workplace.
“While the majority of employees are aware of cyber security risks, there are still some who take chances; thereby potentially jeopardising corporate network security,” Manuel said.
“The consumerisation of IT and social media carry mixed blessings to enterprises. It is no longer feasible to prevent employees from using them, so businesses need to find ways to support these technology choices while simultaneously mitigating the security risks.”
Blue Coat points out that one source of cyber threats is the practice of phishing, with cyber criminals continuously conducting extensive research on employees’ social profiles to find information that can be used to attack organisations. For example, an attacker may create a seemingly personalised email targeted at an IT administrator for a large enterprise using information found on social media profiles, such as the recipient’s alma mater or favourite sports team. That email may contain malware that is downloaded once the recipient clicks on a link included in the document.
Pornography continues to be one of the most popular methods of hiding malware or malicious content, according to the study, and even though awareness of the threat posed by adult content sites is high, workers are still visiting these potentially dangerous sites.
The Blue Coat survey found that at 19%, China has the worst record for viewing adult content sites on a work device, with Mexico (10%) and the UK (9%) not far behind.
The majority of global survey participants admitted understanding the obvious cyber threats when downloading email attachments from an unknown sender, or using social media and unapproved apps from corporate networks without permission, but knowing this did not curb their risk-taking.
Other findings include:
• Although 65% of global respondents view using a new application without the IT department’s consent as a serious cyber-security risk to the business, 26% admitted doing so
• In Singapore 37% of respondents used new applications without IT’s permission, compared to 22% in China and Korea, and just 14% in Australia
• Obvious risks such as opening emails from unverified senders still happen at work. Nearly one out of three (29%) Chinese employees open email attachments from unverified senders, even though nearly three out of four (72%) see it as a serious risk, whereas Korean businesses (63%) view the threat less seriously yet open far fewer unsolicited emails, at 11%
• Nearly two out of five employees globally (41%) use social media sites for personal reasons at work – a serious risk to businesses, as cyber criminals hide malware on shortened links and exploit encrypted traffic to deliver payloads
• While 6% of respondents globally still admitted viewing adult content on work devices, China ranked the highest with nearly one in five (19%) employees admitting to viewing adult content at work, compared to Singapore and Australia at 5% and 2% respectively.