Company employees ignore cyber risks, survey reveals

Many company employees ignore cyber risks, exposing their organisations to attacks, a survey has revealed

Many company employees ignore cyber risks, exposing their organisations to attacks, a survey by security firm Blue Coat Systems has revealed.

The survey of more than 1,500 employees at organisations in 11 countries showed that employees visit inappropriate websites while at work, despite being aware of the risks to their companies.

The study conducted by independent research firm Vanson Bourne found the actions of employees at odds with their awareness of the growing cyber threats facing the workplace.

According to Blue Coat, this risky behaviour can leave corporate and personal data open to theft. This data can be used to access corporate accounts or trick others into revealing their credentials.

The security firm noted that pornography continues to be one of the most popular methods of hiding malware or malicious content.

Even though awareness of the threat posed by adult content sites is high, workers are still visiting these potentially dangerous sites, the survey showed.

Some 19% of respondents in China admitted viewing adult content sites on a work device, followed by Mexico (10%), the UK (9%), France (5%) and Germany (2%).

In March, three UK judges were dismissed for viewing pornographic material via their official IT accounts.

Employees aware of risks

Most respondents admitted understanding the obvious cyber threats when downloading email attachments from an unknown sender, or using social media and unapproved apps from corporate networks without permission, but knowing this did not curb their risk-taking.

One out of five UK employees admitted opening email attachments from unverified senders, even though 78% see this as a serious risk.

While 64% of German respondents and 63% of French respondents consider this a serious risk, only 16% of respondents in these countries said they opened unsolicited emails.

Read more about social media and security

The survey revealed that although 66% of all respondents view using a new application without the IT department’s consent as a serious cyber security risk to the business, 26% admitted doing so.

In the UK, 33% of respondents used new applications without IT’s permission, compared with 27% in Germany and just 16% in France.

Nearly two out of five employees use social media sites for personal reasons at work – a serious risk to businesses, as cyber criminals hide malware on shortened links and exploit encrypted traffic to deliver payloads.

“The dichotomy between the awareness and actions of the employees found in this research should trouble businesses all over the world,” said Blue Coat European director of products Robert Arandjelovic.

“While IT professionals seek to prevent cyber attacks occurring, their colleagues’ behaviour is jeopardising employers’ cyber security and ultimately their jobs,” he added.

According to Arandjelovic, the consumerisation of IT and social media carry mixed blessings to enterprises.

“It is no longer feasible to prevent employees from using them, so businesses need to find ways to support these technology choices while simultaneously mitigating the security risks,” he said.

Read more on Hackers and cybercrime prevention