The Application Intelligence Report (AIR) was commissioned by A10 Networks and conducted independently with the intent to provide education for employers that helps them assess corporate policies and ultimately protect their businesses and applications by becoming more aware of the attitudes and behaviours of their employees.
The 2017 AIR Report previously examined the rise of apps in our “blended lives”, with work and personal use of apps growing within the home and workplace. Today’s announcement addresses the key challenges of IT decision makers who are faced with the rise of complex attacks and lack of knowledge or careless attitudes of employees who inadvertently introduce these new threats to their businesses. The AIR research found the UK stood out over other countries in a number of ways:
- UK employees are more familiar than the global average with cyber threats and security terms such as DDoS attacks and botnets.
- 54% said their company has experienced a breach, which is slightly higher than the global average of 47%, and 41% of UK IT professionals have experienced at least one DDoS attack.
- Globally, the UK has the highest percentage of employees (41%) who use apps without permission from IT, or knowing if those apps have been sanctioned to use at work.
- Only 14% of UK IT decision makers expect their company’s security budget to increase. This is in comparison to US (45%), Brazil (44%) and India (38%).
- 41% of UK IT decision makers expect cyberattacks to increase.
Frequency of Known – and Unknown – Cybersecurity Attacks
The report also interviewed global IT decision makers about their efforts to defend their corporate networks, users and applications against cybersecurity attacks, finding that almost half (47 percent) said their company has suffered a data breach at least once.
Help for IT Professionals is On the Way
Perhaps as a direct correlation to the rise of these attacks, the global figures revealed that 63 percent of IT professionals believe their overall IT and security budget will increase. Additionally, more than one third (36 percent) of IT departments are looking to grow their security teams, as security is the top hiring focus.
Who is Responsible for App Security?
More than half (55 percent) of employees expect the use of business apps to increase in the workplace. This increases the odds of devices becoming a part of a larger DDoS attack, thus opening up the business to a major breach.
App developers, IT heads and end users are at odds over who is responsible for application security and best practices. With employees, responsibility is low with only two out of five (41 percent) claiming ownership for the security and protection of the non-business apps they use. The report highlights that employees believe security should be provided by app developers (20 percent), service providers (17 percent) and their IT department (16 percent).
Additional AIR findings include:
Employee behaviour towards the Use of Banned Apps or Sites at Work
· It is an accepted fact that companies can block apps and websites at work – 87 percent find this practice acceptable, and 85 percent would accept a job in a company that does so.
· However, only two thirds of employees claim their companies actually block specific sites or apps.
· One third (33 percent) claims IT does not give them the apps needed to get the job done.
Perceived Attitudes of Employees and Thoughts on Best Practices
· Almost a quarter of IT decision makers think there will be no improvement in security behaviour at their company, but 75 percent think optimistically that there will be.
· 88 percent of IT heads say employees need better education on best security practices.
· Password policies are communicated to employees through email reminders (66 percent) followed by employee orientation (50 percent), internal meetings (48 percent), and communication from a manager (44 percent).
Ronald Sens, A10 Networks’ Director of EMEA Marketing said “A10’s AIR report shows how UK employees all too often unknowingly weaken cybersecurity with the use of unsanctioned apps. With poor understanding of corporate security policies, this behaviour increases the risks that come with a growing reliance on disparate and app-dependent workforces”.
