Tuesday, October 29, 2013

Fortinet Asia Survey Shows Generation Y’s Hardening Stance against Corporate Bring-Your-Own-Cloud Policies in the Workplace

Up to 57% of 21-32 year old employees would contravene company policies restricting use of own devices, cloud storage and wearable technologies for work

MALAYSIA, October 29, 2013 – Fortinet a global leader in high-performance network security – has published global research revealing the growing appetite of Generation Y employees to contravene corporate policies governing the use of own devices, personal cloud storage accounts and new technologies such as smart watches, Google Glass and connected cars. Based on findings from an independent 20-country survey of 3,200 (908 of them in Asia) employees aged 21-32 conducted during October 2013, the research showed a 21% increase in the willingness to break usage rules compared to a similar Fortinet survey conducted last year . The new research also describes the extent to which the Gen-Y have been victims of cybercrime on their own devices, their ‘threat literacy’ and their widespread practice for storing corporate assets on personal cloud accounts.

Strong Trend of Contravention
Despite respondents’ positivity about their employers’ provisions for BYOD policy, with 48% agreeing this ‘empowers’ them, in total, 46% stated they would contravene any policy in place banning the use of personal devices at work or for work purposes. This alarming propensity to ignore measures designed to protect employer and employee alike carries through into other areas of personal IT usage. 43% of Asian respondents using their own personal cloud storage (e.g. DropBox) accounts for work purposes said they would break any rules brought in to stop them. On the subject of emerging technologies such as Google Glass and smart watches, more than half (55%) would contravene any policy brought in to curb the use of these at work.

Wearable Technology Set to Enter the Workplace
When asked how long it would take for wearable technologies such as smart watches and Google Glass to become widespread at work or for work purposes, 20% said ‘immediately’ and a further 39% when costs come down. Only 3% of the Asian respondents disagreed that the technologies would become widespread.

Widespread Use of Personal Cloud Accounts for Sensitive Corporate Data
90% of the sample has a personal account for at least one cloud storage service with DropBox accounting for 32% of the total sample. 72% of personal account holders have used their accounts for work purposes. 15% of this group admits to storing work passwords using these accounts, 19% financial information, 25% critical private documents like contracts/business plans, while more than a third (39%) store customer data.
Almost one third (32%) of the Asian cloud storage users sampled stated they fully trust the cloud for storing their personal data, with only 6% citing aversion through lack of trust.

Threat Literacy Required as Survey Reveals Attacks Really do Happen
When asked about devices ever being compromised and the resulting impact, over 56% of responses indicated an attack on personally owned PCs or laptops, with around half of these impacting on productivity and/or loss of personal and/or corporate data. Attacks were far less frequent on smartphones (27%), despite the sample reporting a higher level of ownership of smartphones than for laptops and PCs. The same percentage was observed for tablets (27%), which were less commonly owned than laptops and PCs.

Among one of the worrying findings of the research, 12% of respondents said they would not tell their employer if a personal device they used for work purposes became compromised.

The research exercise examined ‘literacy levels’ for different types of security threat, with the results revealing two opposing extremes of ignorance and enlightenment (separated by an average of 33% with minimal awareness. Questioned on specific threats like APTs, DDoS, Botnets and Pharming, more than half (61%) appear completely uneducated on these types of threats. This represents an opportunity for IT departments to provide further education around the threat landscape and its impact.

The survey also hinted at a direct correlation between BYOD usage and threat literacy, i.e. the more frequent the BYOD habit, the better a respondent’s understanding of threats. This represents a positive finding for organizations when considering if/when to bring policies in alongside training on the risks.

“This year’s research reveals the issues faced by organizations when attempting to enforce policies around BYOD, cloud application usage and soon the adoption of new connected technologies,” said Dato’ Seri George Chang, Fortinet's Vice President for Southeast Asia & Hong Kong. “The study highlights the greater challenge IT managers face when it comes to knowing where corporate data resides and how it is being accessed. There is now more than ever a requirement for security intelligence to be implemented at the network level in order to enable control of user activity based on devices, applications being used and locations.”

“It’s worrying to see policy contravention so high and continuing to rise, as well as the high instances of Gen-Y users being victims of cybercrime,” continued Dato’ Seri George Chang. “On the positive side, however, 88% of the Asian respondents accept that they have an obligation to understand the security risks posed by using their own devices. Educating employees on the threat landscape and its possible impact is another key aspect for ensuring an organization’s IT security.”

Fortinet亚洲区BYOD调查报告显示,Y世代就公司所规定有关限制BYOD(Bring-Your-Own-Device自携带设备)及BYOC (Bring-Your-Own-Cloud自用云服务) 使用政策持抵触态度21-32岁年龄段雇员中,高达57%的人反对公司关于限制使用个人设备、云存储设备与可穿戴设备的规定

马来西亚,2013年10月29日 - 全球网络安全设备与服务提供商Fortinet公司,最近发布了一份全球性的关于BYOD的调查报告,表明年轻一代(Y世代)的雇员,对公司关于限制使用个人存储设备、个人云储存账号和一系列新兴技术的规定(例如:智能手表、谷歌智能眼镜和连网汽车)会持强烈抵触态度。


尽管所调研的雇员对雇主所规定的有关BYOD政策表示肯定,48%的雇员同意自携带设备确实有助其工作,总体而言, 46%的调查对象表示定会违反禁止在工作中或用于工作目的的使用个人设备的任何规定与政策。  忽略对雇员与雇主设置的防护措施这样惊人的倾向性已贯穿其他行业与领域。

有43%的受访者会处于工作目的使用个人云存储服务(例如: DropBox),并表示定会违反任何禁止使用个人云存储服务这样规定。关于新兴技术例如谷歌眼镜与智能手表,将近半数以上(55%)的受访者表示定会抵触禁止用于工作或带入工作场所这样的规定。





调研数据还对受访者有关不同类型安全威胁的“意识水平”进行了测试,结果出现了两个极端——一无所知和启蒙意识,约占33%的人具有基本的安全意识。当被问及诸如:APT(高级持续性攻击), DDoS(拒绝服务攻击), Botnets(僵尸网络) 和Pharming(网络钓鱼)等类型攻击时,61%的人表明完全不了解。这正是IT部门提供进一步的网络威胁说明及其影响的机会。


“本年度的调查研究结果显示了公司以及组织机构在对BYOD、云端服务和新兴科技设备的使用制定限制措施时将会面临的问题”,Fortinet东南亚及香港区域副总裁Dato' Seri George Chang说到,“该项调研同样突显出当IT管理人员逐渐得知公司数据存储与访问的位置时所面临的挑战。现在比以往任何时候都需要对网络实施安全智能管理,基于设备以及所使用的应用与位置来管控用户的活动。”

“当看到有如此之多的雇员会违反公司限制使用个人IT设备,很多的年轻用户(Y时代用户)成为网络犯罪的受害者时,着实令人担忧”,Fortinet东南亚及香港区域副总裁Dato' Seri George Chang接着说道,“但从积极的一面来看,88%的受访者表示有义务了解由个人设备带来的安全风险。对员工提供网络安全威胁说明及其影响的相关培训,成为当今组织机构保障企业IT安全的又一关键方面。”

No comments: