Gen-Y has no time for corporate BYOD policies: Fortinet survey
By Digital News Asia November 1, 2013
- Up to 57% of 21-32 year old employees would contravene company policies restricting use of personal devices
- 55% would contravene any policy that curbs the use of emerging tech such as Google Glass or smart watches
NETWORK security company Fortinet has published global research revealing the growing appetite of Generation Y employees to contravene corporate policies governing the use of own devices, personal cloud storage accounts and new technologies such as smart watches, Google Glass and connected cars.
Based on findings from an independent 20-country survey of 3,200 (908 of them in Asia) employees aged 21-32, conducted during October, the research showed a 21% increase in the willingness to break usage rules, compared with a similar Fortinet survey conducted last year.
The new research also describes the extent to which the Gen-Y have been victims of cybercrime on their own devices, their ‘threat literacy’ and their widespread practice for storing corporate assets on personal cloud accounts, the company said in a statement.
The Fortinet Internet Security Census 2013 was undertaken on behalf of Fortinet by independent market research company Vision Critical. The survey involved 3,200 university graduate level individuals aged 21 to 32 from more than 12 different industry sectors and in full time employment, who own their own smartphone, tablet or laptop.
The 20 territories which participated in the survey are: Brazil, Canada, Chile, China, Colombia, France, Germany, Hong Kong, India, Italy, Japan, South Korea, Mexico, Netherlands, Poland, Russia, Spain, Taiwan, the United Kingdom and the United States.
Strong trend of contravention
Despite respondents’ positivity about their employers’ provisions for BYOD (bring your own device) policy, with 48% agreeing this ‘empowers’ them, in total, 46% stated they would contravene any policy in place banning the use of personal devices at work or for work purposes.
This alarming propensity to ignore measures designed to protect employer and employee alike carries through into other areas of personal IT usage – 43% of Asian respondents using their own personal cloud storage (e.g. DropBox) accounts for work purposes said they would break any rules brought in to stop them.
On the subject of emerging technologies such as Google Glass and smart watches, more than half (55%) would contravene any policy brought in to curb the use of these at work.
When asked how long it would take for wearable technologies such as smart watches and Google Glass to become widespread at work or for work purposes, 20% said ‘immediately’ and a further 39% when costs come down. Only 3% of the Asian respondents disagreed that the technologies would become widespread.
Also, 90% of the sample has a personal account for at least one cloud storage service with DropBox accounting for 32% of the total sample, while 72% of personal account holders have used their accounts for work purposes.
Furthermore, 15% of this group admits to storing work passwords using these accounts, 19% financial information, 25% critical private documents like contracts/business plans, while more than a third (39%) store customer data.
Almost one-third (32%) of the Asian cloud storage users sampled stated they fully trust the cloud for storing their personal data, with only 6% citing aversion through lack of trust.
Threat literacy required
When asked about devices ever being compromised and the resulting impact, over 56% of responses indicated an attack on personally owned PCs or laptops, with around half of these impacting on productivity and/ or loss of personal and/ or corporate data, Fortinet said.
Attacks were far less frequent on smartphones (27%), despite the sample reporting a higher level of ownership of smartphones than for laptops and PCs. The same percentage was observed for tablets (27%), which were less commonly owned than laptops and PCs.
Among one of the worrying findings of the research, 12% of respondents said they would not tell their employer if a personal device they used for work purposes became compromised.
The research exercise examined ‘literacy levels’ for different types of security threat, with the results revealing two opposing extremes of ignorance and enlightenment.
Questioned on specific threats like APTs (Advanced Persistent Threats), DDoS (Distributed Denial of Service), botnets and pharming, more than half (61%) appear completely uneducated on these types of threats.
This represents an opportunity for IT departments to provide further education around the threat landscape and its impact, Fortinet said.
The survey also hinted at a direct correlation between BYOD usage and threat literacy, i.e. the more frequent the BYOD habit, the better a respondent’s understanding of threats.
This represents a positive finding for organisations when considering if or when to bring policies in alongside training on the risks.
“This year’s research reveals the issues faced by organisations when attempting to enforce policies around BYOD, cloud application usage and soon, the adoption of new connected technologies,” said George Chang (pic), Fortinet's vice president for South-East Asia & Hong Kong.
“The study highlights the greater challenge IT managers face when it comes to knowing where corporate data resides and how it is being accessed. There is now more than ever a requirement for security intelligence to be implemented at the network level in order to enable control of user activity based on devices, applications being used and locations.
“It’s worrying to see policy contravention so high and continuing to rise, as well as the high instances of Gen-Y users being victims of cybercrime.
“On the positive side, however, 88% of the Asian respondents accept that they have an obligation to understand the security risks posed by using their own devices. Educating employees on the threat landscape and its possible impact is another key aspect for ensuring an organisation’s IT security,” he added.
Gen-Y ‘BYOD’ workers have low regard for corporate IT security
Malaysians are all for BYOD, but their IT depts aren't: Survey
Setting up a BYOD beach-head in your enterprise
80% of BYOD use goes unmanaged, says Ovum
BYOD security: Singaporean SME staff left to their own devices