Threats step out of the shadows

Today’s businesses, including manufacturers, are facing increased security risks as threats are becoming magnified by the world’s next generation of workers’ online behaviour.

Despite popular assumptions that security risks increase as a person’s online activity becomes shadier, findings from Cisco’s 2013 Annual Security Report (ASR) reveal that the highest concentration of online security threats do not target pornography, pharmaceutical or gambling sites as much as they do legitimate destinations visited by mass audiences, such as major search engines, retail sites and social media outlets. In fact, Cisco found that online shopping sites are 21 times as likely, and search engines are 27 times as likely, to deliver malicious content than a counterfeit software site. Viewing online advertisements? Advertisements are 182 as times likely to deliver malicious content than pornography.

Security risks rise in businesses because many employees adopt “my way” work lifestyles in which their devices, work and online behavior mix with their personal lives virtually anywhere – in the office, at home and everywhere in between. The business security implications of this “consumerization” trend are magnified by a second set of findings from the Cisco Connected World Technology Report (CCWTR), which provides insight into the attitudes of the world’s next generation of workers, Generation Y. According to the study, most Generation Y employees in Canada believe the age of privacy is over (91 per cent), but one third say that they are not worried about all the data that is stored and captured about them. They are willing to sacrifice personal information for socialization online. In fact, more Generation Y workers globally said they feel more comfortable sharing personal information with retail sites than with their own employers’ IT departments – departments that are paid to protect employee identities and devices.

As Generation Y graduates from college and enters the workforce in greater numbers, they test corporate cultures and policies with expectations of social media freedom, device choice, and mobile lifestyles that the generations before them never demanded. As the first chapter of the Connected World Technology Report indicated in December, Gen Y in Canada is constantly checking social media, email and text updates, whether it’s in bed (two out of three surveyed in Canada), at the dinner table (nearly 60 per cent), in the bathroom (52 per cent in Canada compared to only 33 per cent globally), or driving (one in three Canadians, considerably higher than the 19 per cent global average). That lifestyle is entering work environments in greater numbers, spotlighting the future of work and how companies must consider competing for the next wave of talent. Unfortunately, what the security studies show is the next-generation workforce’s lifestyles are also introducing security challenges that companies have never had to address on this scale.

Key findings :

Android malware

– Android malware encounters grew 2,577 per cent over 2012. (ASR)
– However, mobile malware represents only 0.5 per cent of total Web malware encounters. (ASR)
– These trends become especially significant considering the smartphone is the No.1 device among Gen Y workers over laptops, PCs and tablets
(CCWTR)

Web malware encounters by country

In 2012, there was significant change in the global landscape of where users encountered Web malware. China dropped from being the second-most malware-stricken country in 2011 to the sixth spot last year.
Scandinavian countries, such as Denmark and Sweden, experienced greater numbers of Web malware encounters, climbing the world ranking to the third and fourth spots, respectively. The United States retained the top spot with 33 per cent of the world’s Web malware encounters. (ASR)

Privacy tradeoff

-Although most Gen Y respondents do not trust websites to protect personal information (80 per cent in Canada compared to 75 per cent globally), such as credit card and personal contact details, their lack of confidence does not deter their online behavior, gambling that they will not be compromised. This puts a large amount of pressure on companies when these individuals take risks online with work devices on corporate networks. (CCWTR)
– Fifty-seven per cent of Gen Y is comfortable with their personal information being used by retailers, social media sites, and other online properties if they will benefit from the experience. (CCWTR)

IT Policy Compliance

– 87 per cent of IT professionals surveyed in Canada said they have a policy governing the use of certain devices at work. (CCWTR)
– 34 per cent of the Gen Y workforce in Canada said their company’s policy forbids them to use company-issued devices for non-work activities but 64 per cent said they don’t always obey those policies
(CCWTR)
– 36 per cent of IT professionals in Canada believe their employees obey IT policies (compared to 52 per cent globally). (CCWTR)
– 72 per cent of Gen Y respondents in Canada said IT has no right to monitor their online behavior, even if that behavior is conducted using company-issued devices on corporate networks. (CCWTR)

The Internet of everything & security’s future

Looking ahead, the Internet of Everything represents the largest online trend today. As more people, things and devices connect to the Internet, more data from more places will be introduced across corporate and service provider networks, which open up new vulnerabilities and a need for more sophisticated security approaches.

– Exponentially more machine-to-machine (M2M) connections are coming online each day, leading to a proliferation of endpoints that extend far beyond mobile devices, laptops and desktops to an “any-to-any” scenario in which any device can connect to any cloud to any application across any network.
– By 2020, with an Internet open to an estimated 50 billion things, the number of connections balloons to more than 13 quadrillion (specifically, 13,311,666,640,184,600). Adding just one more “thing” (50 billion + 1) will increase the number of potential connections by another 50 billion.
– These new connections generate data in motion that needs to be protected in real time as it is evaluated for actionable insights through the network and before it’s compromised and causes irreparable damages.
– For network security professionals, the focus becomes content-neutral plumbing – shifting from the endpoint and the periphery to the network.

Click here to read the Cisco 2013 Annual Security Report.