- Security TWENTY
- Women in Security
Low cyber-threat awareness among Gen-Y professionals plus blasé attitudes towards cyber security are leaving organisations across the country exposed to attack and data leaks.
That is according to new research commissioned by an internet security company, ESET. Thirty-eight percent of Gen-Y professionals, those aged 18 to 30, are unaware of, or don’t believe, their company has an IT security policy, while a further 30 percent of those who are aware of the existence of an IT security policy do not know what it is. Half also believe it’s nearly always their organisation’s sole responsibility to ensure the safety of data.
Young professionals showed a naivety, the survey suggested, towards the sensitivity of data and its value to cybercriminals. Almost a fifth believe an attacker would be able to do nothing with their company’s data if stolen or a device hacked, whilst only half believe hackers would be looking to sell their company’s data. Just over half are also unaware that stolen data could be used against their company, and 70 per cent that hacked devices can be manipulated to make further future attacks. A lack of concern over the effects upon their company and its data if a work device is hacked, lost or stolen is also apparent in almost a third of young professionals, according to the survey.
Forty-four percent of young professionals have connected, or are unsure if they have connected, their own devices, potentially infected with malicious malware, to their company’s network. Forty-seven percent also use work devices for personal use, with one in ten lending these to people outside the organisation. The need to ensure only secure devices are allowed access to their company’s networks was also completely disregarded by a tenth of young professionals who admit they may have shared access to their company’s network with third parties.
Technical Director of ESET UK, Mark James, said: “Young professionals are the most tech savvy when it comes to personal brand, yet when it comes to transferring that same shrewdness to their business lives, they are arguably some of the most unreliable. This highlights a need for IT security teams to engage with younger employees in the creation of policies that suit the needs of both parties. More likely to blur the boundaries between work and personal devices, Gen-Y are the early adopters of new technologies; often more blasé about security practises as they’ve been brought up experimenting with technology and sharing personal data via social media.”
Those 18 to 24 year olds seemed even less engaged and more risk-prone than 25 to 30 year olds. The very youngest members of the workforce were more likely to lend work devices to friends or family, and three-times more likely to have intentionally shared non-guest access/passwords to their company’s network.
Mark James added: “If younger workers are connecting their own devices to the network, one approach is for organisations to ensure they have appropriate personal security. This could be aided through choose-your-own-device policies which place more control back into the hands of the IT team. Employees accessing the network through their own devices are given a choice from a select set of products with adequate and regularly updated home security already installed on these devices”
An engagement with IT security teams to develop policies is wanted by a large number of young professionals. Nationally, a quarter would like a voice in the development of their organisation’s policies towards IT security. However, attitudes do vary across the country. Only 11 percent of young professionals in East Anglia, and nine percent in Northern Ireland, would like more say in how their company develops its IT security policies, compared to nearly 40 percent in both Wales and the East Midlands.