Company employees ignore cyber risks, survey reveals

Many company employees ignore cyber risks, exposing their organisations to attacks, a survey by security firm Blue Coat Systems has revealed.

The survey of more than 1,500 employees at organisations in 11 countries showed that employees visit inappropriate websites while at work, despite being aware of the risks to their companies.

The study conducted by independent research firm Vanson Bourne found the actions of employees at odds with their awareness of the growing cyber threats facing the workplace.

According to Blue Coat, this risky behaviour can leave corporate and personal data open to theft. This data can be used to access corporate accounts or trick others into revealing their credentials.

The security firm noted that pornography continues to be one of the most popular methods of hiding malware or malicious content.

Even though awareness of the threat posed by adult content sites is high, workers are still visiting these potentially dangerous sites, the survey showed.

Some 19% of respondents in China admitted viewing adult content sites on a work device, followed by Mexico (10%), the UK (9%), France (5%) and Germany (2%).

In March, three UK judges were dismissed for viewing pornographic material via their official IT accounts.

Employees aware of risks

Most respondents admitted understanding the obvious cyber threats when downloading email attachments from an unknown sender, or using social media and unapproved apps from corporate networks without permission, but knowing this did not curb their risk-taking.

One out of five UK employees admitted opening email attachments from unverified senders, even though 78% see this as a serious risk.

While 64% of German respondents and 63% of French respondents consider this a serious risk, only 16% of respondents in these countries said they opened unsolicited emails.

The survey revealed that although 66% of all respondents view using a new application without the IT department’s consent as a serious cyber security risk to the business, 26% admitted doing so.

In the UK, 33% of respondents used new applications without IT’s permission, compared with 27% in Germany and just 16% in France.

Nearly two out of five employees use social media sites for personal reasons at work – a serious risk to businesses, as cyber criminals hide malware behind shortened links and exploit encrypted traffic to deliver payloads.

“The dichotomy between the awareness and actions of the employees found in this research should trouble businesses all over the world,” said Blue Coat European director of products Robert Arandjelovic.

“While IT professionals seek to prevent cyber attacks occurring, their colleagues’ behaviour is jeopardising employers’ cyber security and ultimately their jobs,” he added.

According to Arandjelovic, the consumerisation of IT and social media are a mixed blessing for enterprises.

“It is no longer feasible to prevent employees from using them, so businesses need to find ways to support these technology choices while simultaneously mitigating the security risks,” he said.

2 comments

Security always has been - and likely always will be unless changes are made - IT's problem. We need real leaders in IT/security who are not only good with people/communications/business but actually understand the technical stuff they're responsible for. Grow that side of the business and you'll eventually get things under control. Continue ignoring the fundamentals of human relationships and security basics and the same old stories will echo on throughout the years.
In my experience I see a lot of violations go unpunished. Rules are in place for a reason and they just seem to be ignored. I have even seen IT staff ignore their own policies. I'd be curious as to see how issues like this would be handled. If IT breaks the rules, who do you report to?