Millennials ‘greatest’ security risk to data in workplace: study

According to a recent study by the Ponemon Institute and Citrix, millennials (1977 and 1992) bring to the workplace a growing number of mobile apps, devices and new methods of information sharing and collaboration that pose heightened security risks for businesses.

The study reveals that over half (55%) of ANZ respondents consider millennials to pose the greatest risk to sensitive and confidential data in the workplace - compared with 26% for Gen X and 19% for baby boomers).

And alongside millennials posing the greatest risk of using unapproved apps or devices in the workplace (40%), each generation is also susceptible to different kinds of security vulnerabilities:

{loadposition peter}

•     30% said Gen Xers, born 1965-1980, were most likely to be negligent or careless when following organisational security policies.
•     32% said Baby Boomers, born 1946-1964, are most susceptible to phishing and social engineering scams

And Citrix says the situation is compounded by the fact that the average cost of a cyber-attack to Australian businesses is about $622,000 and about three quarters of all Australian businesses have been attacked in the past year, with as many as one third in one month alone.

According to the study, the need to put in place a robust IT security infrastructure is coupled with security executives experiencing a lack of support and confidence in their ability to protect their organisation’s security.

“Australia has been on the receiving end of numerous cyber-attacks, including a recent, high-profile stinging attack on the country’s Bureau of Meteorology. Cyber-crime alone poses a real threat in Australia, with the Australian Crime Commission estimating the annual cost of cyber-crime to Australia is over AU$1 billion in direct costs,” says Les Williamson, vice president, APAC region, Citrix.

“With that in mind, it’s particularly concerning to see that ANZ security professionals don’t feel confident they can protect their organisations’ security, especially with the new working behaviours we’re seeing from millennial employees.”

According to Williamson the modern workforce is more flexible and “traditional security approaches need to evolve to keep up especially with the stakes so high”.

“A more flexible IT security architecture must consider the needs of the workforce, including generational differences. It should extend beyond traditional fixed end-point security approaches so it delivers threat detection and protection of apps and data at all stages. Ultimately, we at Citrix want to provide a secure foundation for apps and data across any location, network and device so businesses can eliminate security threats and focus on their company and customers.”

To tackle new security risks within the workplace, 72% of ANZ respondents to the survey said a new IT security framework is needed to improve their security posture and reduce risk.

But, when it comes to this new key area of risk – the influx of new, unapproved apps and devices – ANZ professionals do not feel confident in their ability to defend their organisation, and when asked about their effectiveness in reducing the risk from these, 36% felt ineffective, compared with 30% globally.

The survey revealed that ANZ security execs also feel unsupported and lack confidence in their ability to defend their organisation’s security, even though the majority (88%) of Australian organisations invest more than $1 million in their information security budget.

As part of the study, respondents were asked to rate their effectiveness in six key areas of security protection.

In each category, ANZ professionals had less confidence in their ability than the global average, which is further supported by more than two thirds (69%) of ANZ respondents saying their senior leadership does not view cybersecurity as a strategic priority.

The six key areas of security protection are:

•        Protecting sensitive apps and data at rest, in use and in motion: 33% of ANZ professionals felt ineffective, as opposed to 24% globally
•        Access control and multi-factor authentication solutions in protecting information on devices, servers or in the cloud: 39% of ANZ professionals rated on the lower end of the scale, compared with 28% globally
•        Reducing the risk from an influx of new, unapproved apps and devices: 36% in ANZ felt inefficient compared with 30% globally
•        Ensuring continuity and ongoing business operations when disruptions occur: 30% in ANZ compared with 23% globally
•        Ensuring the availability and performance of traffic over any network: 14% of ANZ professionals felt ineffective, as opposed to 13% globally
•        Reducing the risk of attacks such as DDoS, browser and ransomware: 24% in ANZ vs. 20% globally.