UAE in top three for high-risk behaviour: study
Cyber security under threat from emerging #GenMobile, says Aruba
Corporate cyber security policies are ill-equipped to deal with the "high-risk, high-growth mind-set of the #GenMobile workforce", according to a recent study by Aruba Networks, which shows the UAE workforce to exhibit one of the highest-risk behaviours worldwide, along with Thailand and China.
California, US-based Aruba urged worldwide businesses to address "the chasm that is exposed between age, gender, income level, industry and geographic location", which Aruba insists has "a direct effect" on corporate data security.
According to Aruba, its threat study, "Securing #GenMobile: Is Your Business Running the Risk?" polled over 11,500 workers across 23 countries worldwide including Saudi Arabia and UAE, which are the two largest IT markets in the Middle East.
"[The report] showcases that employee attitudes are swaying towards a more sharing, security-agnostic workplace," Aruba said in a statement. "The study shows that highly regulated and tech-savvy industries, higher-earning males, and emerging markets pose the greatest risk to enterprise data security."
Aruba believes three key trends highlight how #GenMobile is paving the way for risk-prone behaviour in the workforce: device sharing; security apathy in device selection; and policy resistance in pursuit of productivity.
"Organisations in the Middle East should strive to build a secure and operational framework for all workers, rather than stifle them," said Ammar Enaya, general manager, Aruba Networks Middle East. "These trends underline that #GenMobile employees continue to be a growing part of the everyday workforce, but they also bring with them some risky behaviours.
"In a contemporary connected world, firms need to nurture creativity, while at the same time minimise the risk of data and information loss. As a result, employers need to take an adaptive trust approach to connectivity and data security, identifying individual worker preferences that factor multiple layers of contextual information in order to build secure infrastructures around them."
Continues on next page>>
According to the study, six in 10 employees frequently share devices with others. Almost 20% do not secure devices with passwords and 22% of that group said they forgo security measures so they can share more easily. When purchasing a device, security ranks fifth in #GenMobile's priority list, with factors such as brand and operating system deemed much more important. Some 87% assume IT departments will take responsibility for device and data protection, but 31% have lost data due to the misuse of a mobile device.
Of those polled, 56% said they were willing to disobey their boss to get something done, and another 51% said mobile technologies enable them to be more productive and engaged. Over three quarters (77%) were willing to perform self-service IT.
"#GenMobile workers are flexible, transparent and collaborative, willing to take action to drive productivity and business growth," said Ben Gibson, CMO of Aruba Networks. "That said, these employees are also far more willing to share company data, and are notably oblivious towards security."
Finance leads other industries in data leakage; 39% of respondents from financial institutions admit to losing company data through the misuse of a mobile device, which is 25% higher than the average across all industries surveyed, Aruba said.
Public sector organisations, excluding education, proved least likely to report lost or stolen data. But educators stand out as being 28% more likely to store passwords on a sheet of paper compared with those in high tech. However, employees of technology companies are 46% more likely to simply give up their device password if asked for it by IT, than hospitality or education workers.
Continues on next page>>
Males are more prone to data theft, as men are 20% more likely to have lost personal or client data due to the misuse of a smartphone, and 40% more likely than females to fall victim to identity theft.
The report also suggests that younger employees are more of a security risk. Respondents over the age of 55 are half as likely to experience identity theft or loss of personal/client data compared to younger employees. The age bracket with the highest propensity of data and identity theft are employees between 25-34 years old.
Larger salaries are also linked to greater security risk. Employees earning more than $60K are more than twice as likely as employees earning less than $18K to have lost company financial data and 20% more likely to lose personal data due to misuse or theft of a mobile device. When offered money, those that earn greater than $75K were three times as likely to give out their device password as respondents making less than $18K.
The study suggests that businesses may not be prepared for what lies ahead with over one third (37%) not having any type of basic mobile security policy in place. Nearly one fifth (18%) of employees do not use password protection on their devices, suggesting that employers are not enforcing some basic security practices.