• Disparity between the responsibility of security and protection of non-business apps between IT decision makers and employees
|Source: A10 Networks. More than four in 10 IT decision makers have either been a victim of, or have no knowledge of DDoS attacks.|
A10 Networks has released results from the company's Application Intelligence Report* (AIR), a global research project that examines the behaviour and attitudes of the global workforce toward the use of business and personal apps, and their impact on risk, security, and corporate culture.
A10 Networks is a secure application services company, providing a range of high-performance application networking solutions that help organisations ensure that their data centre applications and networks remain highly available, accelerated and secure.
|Source: A10 Networks. Over half of employees polled say they do not know what a DDoS attack is.|
The gap in knowledge and attitude towards cyber security between IT departments and employees is costing organisations in revenue, trust and reputation, the report said. Key findings for the Asia Pacific region include:
- Forty-four percent of IT professionals have either been a victim of a distributed denial of service (DDoS) attack or do not know if they have been attacked
- Fifty-five percent of employees do not know what a DDoS attack is and 11% are unsure if they have been a DDoS attack victim
- Fifty-four percent of employees claim ownership of the security and protection of non-business apps but four in 10 IT decision makers feel that the onus of protecting employees' identity and personal information falls on the security team, and 16% of IT professionals put the onus of app security on “the whole IT department”. Another 12% say the CIO is responsible.
One finding was that almost half (48%) of the global respondents say they agree their employees do not care about following security practices. The report also interviewed IT decision makers about their efforts to defend their corporate networks, users and applications against cybersecurity attacks, finding that half (47%) said their company had suffered a data breach at least once.
Specifically in Asia Pacific, distributed denial of service (DDoS) attacks took the top spot amongst cyber threats against businesses with 33% of IT professionals saying that their company had suffered one at least once over the past 12 months.
Furthermore, 11% remain unaware, whether they have been attacked or not.
Collectively, this means that almost half (44%) of IT professionals have either been a victim of a DDoS attack or do not know if they have been attacked.
In the survey, IT defenders note their adversaries are becoming more sophisticated and the size and frequency of DDoS attacks are steadily rising. Six in 10 IT decision makers say DDoS attacks will increase in frequency this year.
A10 Networks says reckless or negligent employee behaviour can be traced back to lack of security awareness and education within their respective organisation. The report said nine in 10 IT heads say employees need better education on best security practices. However, nearly a quarter (23%) believe that there will be no improvement in employees’ security behaviour in their companies in the next 12 months despite educational efforts.
Three in 10 (29%) of IT leaders also highlight that the biggest challenge is the lack of commitment to security policy and enforcement by the company.
“Today, an individual’s negligence or complacency can cripple established organisations. While implementing the right infrastructure and managing defenses against these threats are important, enterprises also need to focus on educating IT departments and employees about the seriousness of security threats,” said Jonathan Tan, Regional VP, ASEAN and Pakistan. “At A10 Networks, while we believe that a business’ cyber defense infrastructure is critical, enterprises must also take on a proactive and ongoing approach towards educating the workforce on cyber security threats and precautions.”
Additional AIR findings in APAC include:
• It is an accepted fact that companies can block apps and websites at work – 88% find this practice acceptable, and 86% would accept a job that does so.
• Six in 10 (61%) of employees claim their companies actually block specific sites or apps.
• One third (36%) of employees surveyed knowingly use non-sanctioned apps.
• One in 10 (9%) do not know if the apps they use at work are banned or not.
• Of those who use non-sanctioned apps, over half (51%) claim “everybody does it,” while 43% believe their IT department does not have the right to tell them what apps they cannot use.
• One third (36%) claim IT does not give them the apps needed to get the job done.
Managing employee behaviour
• Almost a quarter of IT decision-makers think there will be no improvement in security behaviour at their company, while 77% disagree.
• IT decision makers say their top recommended password policy is updating passwords regularly (78%) followed by choosing different passwords for different systems (56%), and two-factor or multifactor authentication (57%).
• Password policies are communicated to employees through email reminders (71%) followed by employee orientation (52%), internal meetings (45%), and communication from a manager (49%).
Challenges for IT professionals
• When protecting their company, the biggest challenge noted by IT professionals is lack of corporate commitment to policy and enforcement (29%).
• Over a third (36%) of IT leaders are only slightly optimistic about their ability to stop threats and protect their company.
Read more findings from the report or read the report
*The report, that surveyed over 2000 businesses and IT leaders globally, addresses the challenges of IT decision makers who are faced with the rise and complexity of cyber attacks, and the careless attitudes of employees who unwittingly introduce new threats to their businesses.