BreachExchange mailing list archives

Young professionals exposing workplaces to cyber attack


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 12 Dec 2013 01:43:54 -0700

http://net-security.org/secworld.php?id=16096

Low cyber-threat awareness amongst Gen-Y professionals coupled with blasé
attitudes towards cyber security are leaving organizations across the
country exposed to attack and data leaks, according to ESET.

Thirty-eight percent of Gen-Y professionals, those aged 18 to 30 years old,
are unaware of, or don’t believe, their company has an IT security policy,
whilst a further 30 percent of those who are aware of the existence of an
IT security policy do not know what it is. Half also believe it’s nearly
always their organization’s sole responsibility to ensure the safety of
data.

In addition, young professionals showed a naivety towards the sensitivity
of data and its value to cybercriminals. Almost a fifth believe an attacker
would be able to do nothing with their company’s data if stolen or a device
hacked, whilst only half believe hackers would be looking to sell their
company’s data.

Just over 50 per cent are also unaware that stolen data could be used
against their company, and 70 per cent that hacked devices can be
manipulated to make further future attacks. A complete lack of concern over
the effects upon their company and its data if a work device is hacked,
lost or stolen is also apparent in almost a third of young professionals.

Forty-four percent of young professionals have connected, or are unsure if
they have connected, their own devices, potentially infected with malicious
malware, to their company’s network. Forty-seven percent also use work
devices for personal use, with one in ten lending these to people outside
the organization.

The need to ensure only secure devices are allowed access to their
company’s networks was also completely disregarded by a tenth of young
professionals who admit they may have shared access to their company’s
network with third parties.

Technical Director of ESET UK, Mark James, said: “Young professionals are
the most tech savvy when it comes to personal brand, yet when it comes to
transferring that same shrewdness to their business lives, they are
arguably some of the most unreliable. This highlights a need for IT
security teams to engage with younger employees in the creation of policies
that suit the needs of both parties.”

“More likely to blur the boundaries between work and personal devices,
Gen-Y are the early adopters of new technologies; often more blasé about
security practices as they’ve been brought up experimenting with technology
and sharing personal data via social media.”

18-24 year olds seemed even less engaged and more risk-prone than 25-30
year olds. The very youngest members of the workforce were more likely to
lend work devices to friends or family, and three-times more likely to have
intentionally shared non-guest access/passwords to their company’s network.

Mark James continued: “If younger workers are connecting their own devices
to the network, one approach is for organizations to ensure they have
appropriate personal security. This could be aided through
choose-your-own-device policies which place more control back into the
hands of the IT team. Employees accessing the network through their own
devices are given a choice from a select set of products with adequate and
regularly updated home security already installed on these devices.”

A large number of young professionals want to engage with IT security teams
to develop policies. Nationally, a quarter would like a
voice in the development of their organization’s policies towards IT
security. However, attitudes do vary across the country. Only 11 percent of
young professionals in East Anglia, and nine percent in Northern Ireland,
would like more say in how their company develops its IT security policies,
compared to nearly 40 percent in both Wales and the East Midlands.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
