Ivanti released a cybersecurity report on
Hidden Threats
as part of its Cybersecurity Report Series. Ivanti surveyed over 6,500
executive leaders, cybersecurity professionals and office workers to
uncover how workforce demographics impact an organization's
cybersecurity posture. The report finds that one in three employees
believe their actions do not impact their organization's security.
The research also shows that Millennial and Gen Z office workers are
more likely to have unsafe cybersecurity habits when compared to Gen X
and older (those above 40 years of age). This is true about performing
password hygiene, clicking on phishing links and sharing devices with
family and friends:
-
38% of office workers under 40 use the same passwords on multiple devices, compared to 28% of office workers older than 40.
-
34% of office workers under 40 shared work device(s) with family or friends, compared to 19% of office workers older than 40.
-
34% of office workers under 40 use a birthdate in their password, compared to 19% of office workers older than 40.
-
13% of office workers under 40 clicked on a phishing link when targeted, compared to 8% of office workers older than 40.
In addition, gender, seniority and region can impact the collective
strength of the organization's security as a whole. The report finds
that men and leaders are more comfortable contacting a security employee
with a question or concern - with leaders at an organization the most
likely to reach out with a question at 72%. It also shows that there are
regional variations in cybersecurity training and attitudes with 54% of
employees in China and 43% in France reporting that their organizations
do not provide mandatory cybersecurity training. That number drops to
17% for the United Kingdom, 30% in the United States and 22% in Germany
respectively.
"Employees don't always understand that they're valuable members of the
extended security team despite organizations best attempts to train and
educate," said Daniel Spicer, Chief Security Officer at Ivanti. "There
is also a dangerous assumption that since younger office workers are
generally more tech savvy, they are also more security conscious.
Security leaders need to enable all employees to play defense against
threat actors and proactively build an open and welcoming security
culture."
Many organizations have a top-down approach to training and
cybersecurity culture; however, the research shows it's critical to
build a collaborative and positive security culture at every
organization. Undertrained employees risk diluting the strength of the
overall organization's preparedness, which is why organizations need to
design their tech stack to minimize end-user friction.
To read all of the insights, please visit here.