A10 Networks have just released a brand new study which reveals some astonishing statistics about Brits’ relationship with our mobile devices. Our Application Intelligence Report (AIR) found that as a nation, we are so obsessed with our phones and tablets that more than half (55 percent) of us believe we couldn’t live without our mobile apps, with a quarter proclaiming that apps are just as important as eating, breathing and drinking.
Additionally, mobile phones – and the apps on them – are so integral to our daily lives that more than half (55 percent) of Britons questioned said they would rather lose their trousers than their smartphone!
Despite our attachment to our mobile devices, however, the research found a worrying lack of care when it comes to mobile app security. More Britons claim to have had their mobile devices hacked – one in four (24 percent) – than almost any other country globally, and more than any other European country. UK respondents lose their mobile devices more frequently (24 percent) – or have them stolen (19 percent) – than the global average, and more than the rest of Europe.
Regardless of these statistics, as a nation we’re sticking our heads in the sand when it comes to taking responsibility for our devices’ security. Nearly one in three (32 percent) UK survey participants said cyber-attacks are something they “just try not to think about” – more so than the global or European average. Brits also indicated they don’t think about security when downloading apps.
That’s more than worrying when you realise that Britain has the largest percentage of employees (41 percent) who use non-sanctioned apps at work. Unfortunately for companies, this means employees are leaving the door wide open for hackers to sneak in and do serious damage.
Data breaches hit the headlines on an almost daily basis, accompanied by news of the huge fines and reputational damage they bring with them. This will only be compounded when the General Data Protection Regulation (GDPR) comes into force in May 2018, with fines for breaches of personal information increasing to up to four percent of annual global turnover or €20 million, whichever is greater. Therefore, the consequences of any data loss could be financially devastating for any organisation.
Globally the report shows that employees think about security more with personal apps than business apps, because they believe the IT department will protect them. Nearly half (47 percent) still expect to be protected from cyber-attacks by either their company or third-party app developers.
However, the question of responsibility is an interesting one. When asked who is ultimately accountable for their personal identity and information when using a personal, non-business app at work, only 37 percent of Brits considered it their responsibility.
Therefore, it’s even more important that the IT Director or Chief Information Security Officer (CISO) is aware of the cavalier attitude of many employees towards app security, and the danger that their behaviour poses to the organisation.
However, security concerns cannot be solved by technology alone; companies must protect their security perimeter from all angles – including educating employees on the personal and corporate risks that accompany their dependency on apps.
CISOs and IT managers must conduct proper assessments of corporate policies regarding the use of personal devices. They should look at how those policies are introduced during new hire orientations, and keep employees constantly updated on their policies – they must also get the message across that security can’t be compromised for access to the latest app. Combining employee guidelines with the policies, and involving the executive leadership in the process too, will help build a successful security framework.
The threat landscape continues to grow and those being attacked are becoming much more widespread. You only have to look at the recent WannaCry ransomware attack, which affected NHS hospitals around the country, to see how widespread attacks are and how vulnerable we all are to them.
This attack, I think, highlights the apathy that we have towards security. In fact, WannaCry did not have any truly novel tricks up its sleeve. It was a standard ransomware attack but the number of incidents was extremely high, as a result of poor security posture. If devices had been patched, regularly updated and so on, there would have been a lower number of successful attacks.
But for the CISO, ensuring employees are aware of the security dangers, especially those associated with using non-sanctioned apps and with ignoring the ever-increasing risks of cyber-attacks, is the first step to building a strong security culture in the workplace – and encouraging personal responsibility when it comes to the devices that so many of us simply can’t live without.