Based on findings from an independent 20-country survey of 3,200 employees aged 21-32 conducted during October 2013, Fortinet research also describes the extent to which Generation Y have been victims of cybercrime on their own devices, their ‘threat literacy’ and their widespread practice for storing corporate assets on personal cloud accounts.
Despite respondents’ positivity about their employers’ provisions for BYOD policy, with 45% agreeing this ‘empowers’ them, in total, 51% stated they would contravene any policy in place banning the use of personal devices at work or for work purposes.
This alarming propensity to ignore measures designed to protect employer and employee alike carries through into other areas of personal IT usage. 36% of respondents using their own personal cloud storage (e.g. DropBox) accounts for work purposes said they would break any rules brought in to stop them. On the subject of emerging technologies such as Google Glass and smart watches almost half (48%) would contravene any policy brought in to curb use of these at work.
When asked how long it would take for wearable technologies such as smart watches and Google Glass to become widespread at work or for work purposes, 16% said ‘immediately’ and a further 33% when costs come down. Only 8% of the entire sample disagreed that the technologies would become widespread.
89% of the sample has a personal account for at least one cloud storage service with DropBox accounting for 38% of the total sample. 70% of personal account holders have used their accounts for work purposes. 12% of this group admits to storing work passwords using these accounts, 16% financial information, 22% critical private documents like contracts/business plans, while a third (33%) store customer data.
Almost one third (32%) of the cloud storage users sampled stated they fully trust the cloud for storing their personal data, with only 6% citing aversion through lack of trust.
When asked about devices ever being compromised and the resulting impact, over 55% of responses indicated an attack on personally owned PCs or laptops, with around half of these impacting on productivity and/or loss of personal and/or corporate data. Attacks were far less frequent on smartphones (19%), with a slightly higher proportion resulting in loss of data and/or loss of work productivity than on PCs/laptops, despite the sample reporting a higher level of ownership of smartphones than for laptops and PCs. The same percentage was observed for tablets (19%), but with greater consequences, since 61% of those attacks resulted in significant impact.
Among one of the worrying findings of the research, 14% of respondents said they would not tell an employer if a personal device they used for work purposes became compromised.
The research exercise examined ‘literacy levels’ for different types of security threat, with the results revealing two opposing extremes of ignorance and enlightenment, separated by an average of 27% with minimal awareness. Questioned on threats like APTs, DDoS, Botnets and Pharming, up to 52% appear completely uneducated on these types of threats. This represents an opportunity for IT departments to provide further education around the threat landscape and its impact.
The survey also hinted at a direct correlation between BYOD usage and threat literacy, i.e. the more frequent the BYOD habit, the better a respondent’s understanding of threats. This represents a positive finding for organizations when considering if/when to bring policies in alongside training on the risks.