Gemalto’s latest research shows that Indians are regularly leaving themselves and employers, vulnerable to cyber security breaches with unsafe behaviour – Ashesh Thanawala, Regional Director India at Gemalto, takes a deep dive into the findings and the implications they have for business
India has been at the forefront of technology shifts, being a regional hub of choice for global businesses over the years. Technology is becoming the new leveler and the digital paradox is becoming the new business conundrum. While we continue to plug into the digital realm, there are huge risks lurking around the corner. With newer, disruptive technologies at play and an over-arching ambition for sustained development, India’s quest to drive greater economic growth makes it mission-critical to build an always-on, robust security architecture. The report ‘India Risk Survey 2015’ from The Federation of Indian Chambers of Commerce and Industry (FICCI) confirms that information & cyber insecurity continues to be the second biggest risk factor.
However, digital security is not just dependent on infrastructure, it also revolves around the policy that governs its use and more importantly, on the end-users that use the technology. To understand this in more detail, Gemalto undertook extensive research for its Data Security vs Human Behaviour survey.
The study looked at the behaviour of the end-users of enterprise systems – employees – to better understand the impact their actions are having on security, and the results were surprising.
Despite high-profile breaches, constant education campaigns and the obvious risks of data loss, people across Asia Pacific look for the quickest and easiest way to do things online even if it puts systems at risk.
The findings, from over 2,000 respondents across Australia, Hong Kong, India and Singapore, show that as the lines between home and work continue to blur, online behaviour is putting corporate data at risk, and exposing company systems to potentially devastating attacks.
In India, 84 percent of respondents said that they use personal devices to access work emails, while 68 percent of this group had been required to implement any additional security measures, such as using a security device, or regularly changing passwords, to do so. With only the basic levels of security protecting sensitive work data from external sources, hackers can easily gain access via a stolen device or with simple hacking techniques.
Moreover 63 per cent of respondents in India had downloaded an app onto an employer’s device that was not verified by an official app store. Meanwhile, 46 per cent had installed an app onto a work device without the knowledge of their IT team, three per cent higher than the regional average. Only 19 per cent of respondents were not able to install apps without input from IT, highlighting how easy it is for employees to unwittingly introduce potentially harmful applications and malware into enterprise systems.
Among Indian respondents who had downloaded apps onto work devices, most had installed social media and instant messaging application- 51 per cent had bypassed their IT teams to install games.
Less than half (33 percent) of respondents were not required to undergo any form of IT security training as part of their role. Among those who had received training, the majority had simply been issued with a manual when joining the company rather than receiving in-person training.
With hackers only needing a few seconds to access a device via Wi-Fi, it is worrying to 71 per cent of respondents in India have connected personal devices to unknown networks while 55 per cent had made online payments or bank transfers whilst connected to public Wi-Fi networks. Similarly,65 per cent of respondents had connected an employer’s device to a Wi-Fi network from an unknown provider, with 32 per cent doing so on a regular basis. This is particularly concerning as once hackers have accessed a system they can monitor everything the user does, making them able to quickly extract sensitive information. This highlights a lack of concern about the potential risks of cyber security or hacks, even when it comes to the handling of personal financial details.
Increased media coverage on the impact of breaches also seems to have had little impact –12 per cent said that despite high profile breaches, for example Ashley Madison and Sony, their online behaviour had not changed. In fact, only 37 per cent had increased the complexity of their passwords.
The findings of this survey reveal the uphill struggle faced by many of today’s enterprises when it comes to fighting cybercrime. It is clear that, without the systems in place to guide behaviour and protect critical information, employees are unwittingly leaving companies open to breaches and security failures. For companies in Asia Pacific it is no longer a matter of ‘if’ but ‘when’ their systems will be breached, and how they can best secure their data when breaches happen.
