
Employees flout security policies

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 26 Jan 2018
Reckless employee behaviour endangers businesses.

Almost half (47%) of global IT decision-makers claim their organisation has fallen victim to a data breach at least once, and a further 11% have no idea if they have been breached or not.

This was revealed by the Application Intelligence Report (AIR), a global research project that examines the behaviour and attitudes of employees around the world toward the use of business and personal apps, and their impact on risk, security, and corporate culture. The study was commissioned by A10 Networks, and involved more than 2 000 business and IT professionals across 10 countries.

DDOS, ransomware

The research also revealed that the average company suffers 15 DDOS attacks per year. However, 37% of employees don't know what a DDOS attack is, and 11% have no idea if they have experienced one or not. "This makes it even more challenging for IT and security pros to defend their networks and to influence their employee-base - it's hard to protect someone who is unaware of the danger and unable to take the measures necessary to prevent attacks," said A10 Networks.

In terms of ransomware, nearly a quarter (22%) of IT professionals say their organisation has been the victim at least once, and another 26% say it is most likely they have fallen victim to one, but they aren't sure. "This means that nearly half of businesses surveyed have fallen victim to this scourge, or are unaware whether they are vulnerable to a potential ransomware attack."

The survey also revealed that although IT teams continue to invest in security, only 41% of IT leaders are only slightly optimistic about their ability to stop threats and protect their company. Moreover, almost half (48%) of them believe that their employees do not care about following security practice.

App security

One question on which respondents had no clear answer was application security, and who is ultimately responsible for it: the application developers, IT departments or the end users. Only 41% of employees surveyed claim ownership for the security and protection of non-business apps they use.

Twenty percent of those employees say they think security should be provided by app developers, while service providers follow with 17%, and the IT department with 16%. "Almost a third of employees surveyed knowingly use apps prohibited by their organisations."

And of those who knowingly use unsanctioned apps, over half (51%) say 'everybody does it', and just over a third (36%) say the IT department has no right to tell them which apps they may or may not use. Another third claim their organisation's IT department doesn't provide them with the apps they need to do their jobs.

Curbing reckless behaviour

Blocking certain Web sites and applications that aren't sanctioned at work is one way IT can attempt to lessen risk and curb reckless employee behaviour, and some 61% of employees claimed their companies do exactly that.

However, others go the training route, believing that reckless or negligent staff behaviour is often due to a lack of security awareness and education within their businesses. Eighty-eight percent of IT leaders say employees need better education on security best practices, although a quarter of them believe there will be no improvement in security behaviour in their organisations, despite these efforts.

A further 29% of IT pros surveyed said their greatest challenge in protecting their organisation is a lack of adherence to security policy and enforcement.
