It is always interesting in analyzing data to look deeply at results that are highly correlated. It is why, given the absolute priority of securing enterprise data and assuring employees are well-schooled in best practices for risk avoidance and mitigation, the a recent survey done by Sunnyvale, CA-based mobile access solutions provider Aruba Networks is so interesting. In fact, according to Aruba it turns out that some of us are way more cautious than others. As the headline says, these differences in attitudes and practices regarding security are very much linked to our age, industry and where we live and work.
The new report, “Securing #GenMobile: Is Your Business Running the Risk” security threat study, had a rather large sample size. It questioned over 11,500 workers across 23 countries worldwide. And, as has been Aruba’s focus in recent years, finding out more about “#GenMobile” (mostly what are considered the Millennials) was an important objective. The reasons are they not only are making up a growing portion of the workplace and will be our managers of the future if not now, but they also more digitally adept and in theory more savvy as well when it comes to security.
Unfortunately, as the results from the survey show theory and practice don’t necessarily coincide. What Aruba wanted to find out more about was how employee attitudes are swaying towards more sharing of devices, while at the same time users seem indifferent to security in the workplace. Indeed, the study found that highly regulated and tech savvy industries, higher-earning males, and emerging markets pose the greatest risk to enterprise data security. And, there was more.
Business seems ill-prepared for #GenMobile’s Mindset about tech usage and security
Because of the survey findings, Aruba is actually calling for businesses worldwide to take action to reverse a serious problem it found. It seems that enterprises globally are ill prepared for the challenges posed by the high-risk, high-growth mindset of the #GenMobile workforce. They have created what Aruba calls an “alarming disparity around security practices in the corporate world.” The chasm exposed in the report relates to attitudes differentiated by age, gender, income level, industry and geographic location that have a direct effect on the security of corporate data. This is truly risky business.
Aruba believes three key trends highlight how #GenMobile is paving the way for risk-prone behavior in the workforce – which can be both good and bad for business.
Sharing becomes the norm: Six in ten share their work and personal devices with others regularly. Nearly a fifth of employees don’t have passwords on devices, with 22 percent of those stating they don’t have security measures in place so that they can share more easily.Indifferent attitudes towards security arise : Security ranks fifth behind brand and operating system when #GenMobile is making buying decisions for new devices. Nearly nine in ten (87 percent) assume their IT departments will keep them protected; however, nearly a third (31 percent) have lost data due to the misuse of a mobile device.Self-empowerment succeeds: Over half (56 percent) of workers today said they are willing to disobey their boss to get something done, another (51 percent) say that mobile technologies enable them to be more productive and engaged, and over three quarters (77 percent) are willing to perform self-service IT.
The graphic below is illustrative of the challenge.
Source: Aruba Networks“#GenMobile workers are flexible, transparent and collaborative, willing to take action to drive productivity and business growth. That said, these employees are also far more willing to share company data, and are notably oblivious towards security,” said Ben Gibson, CMO of Aruba Networks.
The disparities run deep. The report illustrates such disparities are directly correlated according to industries, individuals and countries when it comes to the treatment of mobile devices and data. It is why the granularity in the report is worth a peak.
The discrepancy between industries
Finance is leaking data: Some 39 percent of respondents from financial institutions admit to losing company data through the misuse of a mobile device, which is 25 percent higher than the average across all industries surveyed. The public sector (excluding education) is the least likely to report lost or stolen data.
High tech is at high risk: High tech employees are nearly two times (46 percent) more likely than hospitality or education workers to simply give up their device password if asked for it by IT.
Teachers need a lesson on security: The study reveals that educators are 28 percent more likely to store passwords on a sheet of paper compared to those in high tech. Educators also score the lowest compared to all other industries when asked if they password-protected their personal smartphones.
Spotting the risky individual
Males more prone to data theft: Men are 20 percent more likely to have lost personal or client data due to the misuse of a smartphone, and 40 percent more likely than females to fall victim to identity theft.
Younger employees wreak havoc on company security: Respondents over the age of 55 are half as likely to experience identity theft or loss of personal/client data compared to younger employees. The age bracket with the highest propensity of data and identity theft are employees between 25-34 years old.
Larger salaries linked to greater security risk: Employees earning more than $60K are more than twice as likely as employees earning less than $18K to have lost company financial data, and 20 percent more likely to lose personal data due to misuse or theft of a mobile device. Ironically, when offered money, those that earn greater than $75K were three times as likely to give out their device password as respondents making less than $18K.
Mapping Global Risk Trends
High-risk, high growth: The emerging and growth markets of China, Thailand and the United Arab Emirates (UAE), are found to exhibit the highest risk behaviors worldwide suggesting that greater risk-taking is linked to increased growth and opportunity as much as it relates to security risk.
West is playing it safe: To support this connection, the least risk-prone countries are the westernized markets, including the USA, UK and Sweden.
Businesses lacking adaptability
The study suggests that businesses may not be prepared for what lies ahead with over a third (37 percent) not having any type of basic mobile security policy in place. Nearly a fifth (18 percent) of employees do not use password protection on their devices, suggesting that employers aren’t enforcing some basic security practices.
Aruba contends that if businesses strategically measure and intelligently manage their security, the more flexible, open methods of working and information exchange that #GenMobile workers bring can drive new business innovation.
“Organizations should strive to build a secure and operational framework for all workers, rather than stifle them. These trends underline that #GenMobile employees continue to be a growing part of the everyday workforce, but they also bring with them some risky behaviors,” said Gibson.
“In a contemporary connected world, firms need to nurture creativity, while at the same time minimize the risk of data and information loss. As a result, employers need to take an adaptive trust approach to connectivity and data security, identifying individual worker preferences that factor multiple layers of contextual information in order to build secure infrastructures around them.”
In speaking with Trent Fierro, Senior Manager of Product Marketing at Aruba, he elaborated on the adaptive trust formulation that is Aruba’s call to action. “Companies have not kept up with security and users want to do what they want, when they want and how they want and are willing to bypass policies and rules. In looking at how to get around the challenges of increased BYOD in enterprises and user behavior, it is clear that the adaptive piece is important. Not only must enterprises adapt to the fact that the people, devices, apps that run on those devices, network accessed and the traffic on those networks and what is stored at the destinations they interact with are all secure, we also need to make sure that in the process of getting more protected we leverage the capabilities that exist and get buy-in from management and the users.”
He added, that these means, “You have to simultaneously be more vigilant through greater visibility while being more agile in terms of enabling individuals to work in ways that they believe are more efficient and effective.”
Finally, if you are curious about your organization’s online security risk Aruba has develop a nice little tool that may be encouraging or discouraging depending on your expectations about your company’s mobile security stance. Based on a global data base, the Aruba online Security Risk Index tool will enable you to benchmark your Mobile Security risk levels relative to organizations in your country and industry. Based on the findings from the survey, you may wish to take the tool out for a spin.
Edited by
Maurice Nagle
QUICK LINKS 
