A10 Networks’ Application Intelligence Report reveals differences in cyber security attitudes and knowledge amongst IT decision makers and employees

Posted by Leslie Paul, 23-01-2018

A10 Networks’ Application Intelligence Report reveals differences in cyber security attitudes and knowledge amongst IT decision makers and employees

  • Study shows that organizations are facing cyber risks because of the lack of awareness amongst IT leaders and employees
  • Disparity between the responsibility of security and protection of non-business apps between IT decision makers and employees

 

Singapore, 22 January 2018 – The gap in knowledge and attitude towards cyber security between IT departments and employees is costing organizations in revenue, trust and reputation according to the A10 Networks’ Application Intelligence Report (AIR). The report, that surveyed over 2000 businesses and IT leaders globally, addresses the challenges of IT decision makers who are faced with the rise and complexity of cyber attacks, and the careless attitudes of employees who unwittingly introduce new threats to their businesses.

One crucial finding was that almost half (48 percent) of the global respondents say they agree their employees do not care about following security practices.The report also interviewed IT decision makers about their efforts to defend their corporate networks, users and applications against cybersecurity attacks, finding that half (47 percent) said their company has suffered a data breach at least once.

 

Cyber attacks are a matter of when, not if

Specifically in Asia Pacific, distributed denial of service (DDoS) attacks took the top spot amongst cyber threats against businesses with 33 percent of IT professionals saying that their company had suffered one at least once over the past 12 months.

 

 

Alarmingly, 11 percent remain unaware, whether they have been attacked or not.

 

Collectively, this means that almost half (44 percent) of IT professionals have either been a victim of a DDoS attack or do not know if they have been attacked.

 

 

In the survey, IT defenders note their adversaries are becoming more sophisticated and the size and frequency of DDoS attacks are steadily rising.

 

IT decision makers expect volume of DDoS attacks to increase

 

While IT leaders see DDoS as a growing threat, employees are at the opposite end of the spectrum.

 

Employees lack knowledge on DDoS

 

Who’s responsible for app security?

An area that created confusion among survey respondents is app security and who is ultimately responsible for it – the application developers, IT departments or the end users?

 

mployees claim responsibility of security of non-buiness apps

 

However, IT decision makers paint a different picture.

 

Meanwhile, 16 percent of IT professionals put the onus of app security on “the whole IT department”.

 

Education is a must

Often, reckless or negligent employee behavior can be traced back to lack of security awareness and education within their respective organization. 

The need for better education

 

Yet, nearly a quarter (23 percent) believe that there will be no improvement in employee’s security behavior in their companies in the next 12 months despite educational efforts.

29 percent of IT leaders also highlight that the biggest challenge is the lack of commitment to security policy and enforcement by the company.

Fortunately for security and IT professionals, there are protective measures they can take to ensure that employees’ behavior with apps and lack of attention to security do not introduce threats and damage business.

“Today, an individual’s negligence or complacency can cripple established organizations. While implementing the right infrastructure and managing defenses against these threats are important, enterprises also need to focus on educating IT departments and employees about the seriousness of security threats,” said Jonathan Tan, Regional Vice President, ASEAN and Pakistan. “At A10 Networks, while we believe that a business’ cyber defense infrastructure is critical, enterprises must also take on a proactive and ongoing approach towards educating the workforce on cyber security threats and precautions.”

 

Additional AIR findings in APAC include: 

Employee Behavior toward the Use of Banned Apps or Sites at Work 

  • It is an accepted fact that companies can block apps and websites at work – 88 percent find this practice acceptable, and 86 percent would accept a job that does so.
  • However, only two thirds (61 percent) of employees claim their companies actually block specific sites or apps.
  • One third (36 percent) of employees surveyed knowingly use non-sanctioned apps.
  • 9 percent do not know if the apps they use at work are banned or not. 
  • Of those who use non-sanctioned apps, over half (51 percent) claim “everybody does it,” while 43 percent believe their IT department does not have the right to tell them what apps they cannot use.
  • One third (36 percent) claims IT does not give them the apps needed to get the job done. 

Perceived Attitudes of Employees and Thoughts on Best Practices 

  • Almost a quarter of IT decision-makers think there will be no improvement in security behavior at their company, but 77 percent think optimistically that there will be. 
  • 90 percent of IT heads say employees need better education on best security practices.
  • IT decision makers say their top recommended password policy is updating passwords regularly (78 percent) followed by choosing different passwords for different systems (56 percent), and two-factor or multi-factor authentication (57 percent).
  • Password policies are communicated to employees through email reminders (71 percent) followed by employee orientation (52 percent), internal meetings (45 percent), and communication from a manager (49 percent).

Challenges and Needs of IT 

  • When protecting their company, the biggest challenge noted by IT professionals is lack of corporate commitment to policy and enforcement (29 percent). 
  • 36 percent of IT leaders are only slightly optimistic about their ability to stop threats and protect their company.

 

About the A10 Application Intelligence Report (AIR)

The Application Intelligence Report (AIR) is a global research project that examines the behavior and attitudes of the global workforce toward the use of business and personal apps, and their impact on risk, security, and corporate culture.

AIR was commissioned by A10 Networks and conducted independently by strategic research firm Provoke Insights. It involves more than 2,000 business and IT professionals in 10 countries, with the intent to provide education for employers that can help them reassess corporate policies and ultimately protect their businesses – and their applications – by simply becoming more aware of the behavior of their employees.

The A10 AIR research was conducted in 10 countries, representing some of the world’s largest economies and fastest growing populations of technology adopters: Brazil, China, France, Germany, India, Japan, Singapore, South Korea, the United Kingdom and the United States.

The complete findings are available at www.a10networks.com/AIR.

 

About A10 Networks

A10 Networks (NYSE: ATEN) is a Secure Application Services™ company, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, Calif., and serves customers globally with offices worldwide. For more information, visit: www.a10networks.com and @A10Networks.

The A10 logo, A10 Networks, A10 Harmony, Thunder and A10 Lightning and Secure Application Services are trademarks or registered trademarks of A10 Networks, Inc. in the United States and other countries.  All other trademarks are the property of their respective owners.