Security risk potential linked to young, mobile users

A study conducted by wireless supplier Aruba Networks has identified a distinct cohort of high-risk, security-agnostic workers

Wireless supplier Aruba Networks has warned enterprises to take action to secure their corporate networks after publishing a mobile security risk report that found CIOs are unprepared for the impact of the high-risk, security-agnostic Generation Mobile workforce.

The supplier coined the Generation Mobile, or GenMobile, moniker -- at its heart another term for Millennial or Generation Y -- in 2014.

In Aruba's world, GenMobile is a cohort of tech-savvy users aged from their early-twenties to their mid-thirties who rely on smartphones and other mobile devices for every aspect of work and personal communication.

It has been pushing the concept of mobility-defined networking to automate infrastructure-wide performance optimisation and security actions in response to their growing influence in the workplace.

Its new report, which questioned more than 11,000 employees in 23 countries, revealed that attitudes among the younger mobile workforce were shifting towards a more sharing, security-agnostic workplace.

Aruba reported that those over the age of 55 were half as likely to experience identity theft or loss of personal and client data compared with GenMobile, who were collectively at the highest risk.

In particular, it showed that men working in well-paid jobs in highly regulated, high-tech industries posed the greatest risk to data security.

Sharing not caring

Among the headline findings of Aruba's report were that six in 10 people shared their work and personal devices with others, and nearly a fifth had no passwords on their devices, with 22% openly admitting they had failed to set up the feature to make it easier for them to share files and other content.

Meanwhile, a third of workers admitted to having lost data due to misusing a mobile device. Security ranked fifth, behind brand and operating system, in points to consider when GenMobile workers were buying a new device, and 87% assumed their IT departments would keep them safe.

Aruba also revealed that 56% of workers said they were willing to disobey their boss to get something done, and 77% were willing to perform self-service IT.

Dodgy bankers

More worryingly, 39% of respondents working in the financial services industry admitted to losing company data through misusing a mobile device, 25% higher than the average across all the industries surveyed.

The public sector was the least likely to report lost or stolen data, although that does not mean the public sector is not losing data.

Attitudes were also lax among people working in high-tech industries, who were more likely than average to give up their device password if asked for it by IT, and in education, where teachers revealed a tendency to write their passwords down on a piece of paper.

Read more about mobile security

  • With a growing consensus that mobile app management and security are more important than managing the device, IT needs to learn how to implement effective MAM.
  • Mobile payment service Venmo is improving security measures after a user's account was compromised and nearly $3,000 siphoned out of his bank account.
  • Tim Berners-Lee's World Wide Web Foundation has called for urgent steps to secure mobile communications.

Across the sample, men were more likely to have lose personal or client data after misusing a smartphone, and 40% more likely than women to fall victim to identity theft.

Employees higher up the food chain were also a greater source of risk, with those making in excess of $60,000 (£41,000) a year more than twice as likely as those making less than $18,000 (£12,300) to lose personal data.

Those at the highest level of the enterprise, making salaries greater than $75,000 (£51,250) were three times more likely to give out their device password than those at the bottom of the ladder.

Adaptive trust

Aruba senior director of marketing for Europe, Chris Kozup, said that as security breaches take a turn towards exploiting social engineering techniques -- often for political ends -- IT organisations needed to change tack to focus on user demographics as a source of risk.

Kozup advocated the adoption of a more adaptive model of trust when it came to keeping GenMobile workers secure.

"Corporations have thought about security historically as very much a perimeter solution and put a big firewall at the gateway," he said.

"We've been eroding that for a good 10 years as information becomes more fluid, but we have not yet moved away from the idea that security sits only at the perimeter of the network."

An adaptive trust model, said Kozup, could take into account contextual information relating to any user, such as their location, role, model of device, and even age and salary.

Aruba is using its dataset to develop an online security risk index tool which will enable customers to benchmark their risk levels relative to businesses in their country and vertical.

Read more on IT risk management