Fortinet Asia Survey Shows Generation Y’s Hardening Stance against Corporate Bring-Your-Own-Cloud Policies in the Workplace

Up to 57% of 21-32 year old employees would contravene company policies restricting use of own devices, cloud storage and wearable technologies for work

MALAYSIA, October 29, 2013 – Fortinet a global leader in high-performance network security – has published global research revealing the growing appetite of Generation Y employees to contravene corporate policies governing the use of own devices, personal cloud storage accounts and new technologies such as smart watches, Google Glass and connected cars. Based on findings from an independent 20-country survey of 3,200 (908 of them in Asia) employees aged 21-32 conducted during October 2013, the research showed a 21% increase in the willingness to break usage rules compared to a similar Fortinet survey conducted last year . The new research also describes the extent to which the Gen-Y have been victims of cybercrime on their own devices, their ‘threat literacy’ and their widespread practice for storing corporate assets on personal cloud accounts.

Strong Trend of Contravention
Despite respondents’ positivity about their employers’ provisions for BYOD policy, with 48% agreeing this ‘empowers’ them, in total, 46% stated they would contravene any policy in place banning the use of personal devices at work or for work purposes. This alarming propensity to ignore measures designed to protect employer and employee alike carries through into other areas of personal IT usage. 43% of Asian respondents using their own personal cloud storage (e.g. DropBox) accounts for work purposes said they would break any rules brought in to stop them. On the subject of emerging technologies such as Google Glass and smart watches, more than half (55%) would contravene any policy brought in to curb the use of these at work.

Wearable Technology Set to Enter the Workplace
When asked how long it would take for wearable technologies such as smart watches and Google Glass to become widespread at work or for work purposes, 20% said ‘immediately’ and a further 39% when costs come down. Only 3% of the Asian respondents disagreed that the technologies would become widespread.

Widespread Use of Personal Cloud Accounts for Sensitive Corporate Data
90% of the sample has a personal account for at least one cloud storage service with DropBox accounting for 32% of the total sample. 72% of personal account holders have used their accounts for work purposes. 15% of this group admits to storing work passwords using these accounts, 19% financial information, 25% critical private documents like contracts/business plans, while more than a third (39%) store customer data.
Almost one third (32%) of the Asian cloud storage users sampled stated they fully trust the cloud for storing their personal data, with only 6% citing aversion through lack of trust.

Threat Literacy Required as Survey Reveals Attacks Really do Happen
When asked about devices ever being compromised and the resulting impact, over 56% of responses indicated an attack on personally owned PCs or laptops, with around half of these impacting on productivity and/or loss of personal and/or corporate data. Attacks were far less frequent on smartphones (27%), despite the sample reporting a higher level of ownership of smartphones than for laptops and PCs. The same percentage was observed for tablets (27%), which were less commonly owned than laptops and PCs.

Among one of the worrying findings of the research, 12% of respondents said they would not tell their employer if a personal device they used for work purposes became compromised.

The research exercise examined ‘literacy levels’ for different types of security threat, with the results revealing two opposing extremes of ignorance and enlightenment (separated by an average of 33% with minimal awareness. Questioned on specific threats like APTs, DDoS, Botnets and Pharming, more than half (61%) appear completely uneducated on these types of threats. This represents an opportunity for IT departments to provide further education around the threat landscape and its impact.

The survey also hinted at a direct correlation between BYOD usage and threat literacy, i.e. the more frequent the BYOD habit, the better a respondent’s understanding of threats. This represents a positive finding for organizations when considering if/when to bring policies in alongside training on the risks.

“This year’s research reveals the issues faced by organizations when attempting to enforce policies around BYOD, cloud application usage and soon the adoption of new connected technologies,” said Dato’ Seri George Chang, Fortinet's Vice President for Southeast Asia & Hong Kong. “The study highlights the greater challenge IT managers face when it comes to knowing where corporate data resides and how it is being accessed. There is now more than ever a requirement for security intelligence to be implemented at the network level in order to enable control of user activity based on devices, applications being used and locations.”

“It’s worrying to see policy contravention so high and continuing to rise, as well as the high instances of Gen-Y users being victims of cybercrime,” continued Dato’ Seri George Chang. “On the positive side, however, 88% of the Asian respondents accept that they have an obligation to understand the security risks posed by using their own devices. Educating employees on the threat landscape and its possible impact is another key aspect for ensuring an organization’s IT security.”

Fortinet亚洲区BYOD调查报告显示，Y世代就公司所规定有关限制BYOD（Bring-Your-Own-Device自携带设备）及BYOC (Bring-Your-Own-Cloud自用云服务) 使用政策持抵触态度21-32岁年龄段雇员中，高达57%的人反对公司关于限制使用个人设备、云存储设备与可穿戴设备的规定

马来西亚，2013年10月29日 - 全球网络安全设备与服务提供商Fortinet公司，最近发布了一份全球性的关于BYOD的调查报告，表明年轻一代（Y世代）的雇员，对公司关于限制使用个人存储设备、个人云储存账号和一系列新兴技术的规定（例如：智能手表、谷歌智能眼镜和连网汽车）会持强烈抵触态度。

2013年10月份对来自20个国家，超过3200名的（21岁-32岁年龄段）员工（其中908名来自亚洲区）的独立调查数据表明：与去年同期的调查结果相比，今年有意违反公司限制规定使用个人设备的人数比例新增了21%。今年的调研中进一步延伸了调查话题就有关年轻一代（Y世代）可能因使用BYOD设备而成为网络罪犯的受害方的可能性、使用个人云端服务存在的安全威胁意识以及将公司相关信息存在在个人账号的云端服务可能带来的威胁隐患进行相关的调研。  

强烈支持BYOD/BYOC呈压倒性趋势
尽管所调研的雇员对雇主所规定的有关BYOD政策表示肯定，48％的雇员同意自携带设备确实有助其工作，总体而言， 46％的调查对象表示定会违反禁止在工作中或用于工作目的的使用个人设备的任何规定与政策。  忽略对雇员与雇主设置的防护措施这样惊人的倾向性已贯穿其他行业与领域。

有43%的受访者会处于工作目的使用个人云存储服务（例如： DropBox），并表示定会违反任何禁止使用个人云存储服务这样规定。关于新兴技术例如谷歌眼镜与智能手表，将近半数以上（55％）的受访者表示定会抵触禁止用于工作或带入工作场所这样的规定。

可穿戴设备将进入工作场所
但当被问及智能手表和谷歌眼镜等可穿戴设备在办公领域上得到广泛性使用需要多久时，20%的人认为“很快就能实现”，39%的认为“等到购买的费用降下来的时候”，只有3%的人认为可穿戴设备不可能会得到广泛使用。

使用个人云服务账号储存公司敏感数据的做法正在普遍流行
调查问卷中90%的人士表示拥有不止一个个人云服务账号，其中使用DropBox账号的占据了问卷总数的32%。72%的个人云服务账号持有者表示曾在工作中使用过私人账号。15%的受访者使用该类账号存储工作有关的密码，19%用来储存银行与财务信息，25%用它们来存储诸如：合同/商业计划等关键性个人文件，还有约占三分之一的人（39%）表示用来存放客户数据。
云服务账户使用人中，约三分之一（32%）的受访用户表明他们完全信任云服务，只用6%的人表明对云存储服务账户缺乏信任。

遭到网络攻击时所须具备的“风险意识水平”
当被问及个人设备是否曾经受到网络威胁的连累以及带来的严重后果，超过56%的受访者表示，个人电脑或笔记本电脑确实遭受过攻击，约有半数对工作效率造成影响，或造成个人数据和公司数据的损失。尽管调查数据表明，智能手机的持有率虽较高，但相比之下，智能手机遭受的攻击较少（约占27%），与个人电脑或笔记本电脑遭受攻击相比，造成的数据损失或工作效率的降低也相应较少。平板电脑遭受到的攻击也相对较少，约占27%。

在该次调查报告中，令人担忧的一项调查结果是：12%的受访者表明，如果用于工作目的个人设备遭受攻击时选择不会告诉自己的老板。

调研数据还对受访者有关不同类型安全威胁的“意识水平”进行了测试，结果出现了两个极端——一无所知和启蒙意识，约占33%的人具有基本的安全意识。当被问及诸如：APT（高级持续性攻击）, DDoS（拒绝服务攻击）, Botnets（僵尸网络） 和Pharming（网络钓鱼）等类型攻击时，61%的人表明完全不了解。这正是IT部门提供进一步的网络威胁说明及其影响的机会。

该次调查同样暗示了BYOD的使用与威胁意识之间存在着直接关联，即BYOD习惯越明显的人，对网络威胁的意识程度越高。这对公司或组织机构在考量提供网络安全威胁风险控制培训的时机与必要性方面是积极的发现。

“本年度的调查研究结果显示了公司以及组织机构在对BYOD、云端服务和新兴科技设备的使用制定限制措施时将会面临的问题”，Fortinet东南亚及香港区域副总裁Dato' Seri George Chang说到，“该项调研同样突显出当IT管理人员逐渐得知公司数据存储与访问的位置时所面临的挑战。现在比以往任何时候都需要对网络实施安全智能管理，基于设备以及所使用的应用与位置来管控用户的活动。”

“当看到有如此之多的雇员会违反公司限制使用个人IT设备，很多的年轻用户（Y时代用户）成为网络犯罪的受害者时，着实令人担忧”，Fortinet东南亚及香港区域副总裁Dato' Seri George Chang接着说道，“但从积极的一面来看，88%的受访者表示有义务了解由个人设备带来的安全风险。对员工提供网络安全威胁说明及其影响的相关培训，成为当今组织机构保障企业IT安全的又一关键方面。”