Every generation from millennials to baby boomers brings different risks into the workplace, but millennials pose the biggest risk to sensitive and confidential data, according to a recent joint study between Citrix and the Ponemon Institute.
Australian professionals also lack confidence in their ability to defend their organisation’s security, despite high information security budgets.
55% of respondents felt millennials pose a great risk to sensitive and confidential data; compared to 26% of Gen Xers and 19% of baby boomers.
40% of respondents also felt that millennials posed the greatest risk for using unapproved apps or devices in the workplace; while 30% said Gen Xers were most likely to be negligent or careless about organisational security policies and 32% believed baby boomers were most likely to fall for phishing and social engineering scams.
When put together, IT security teams are struggling to tackle the new risks and 72% believe a new framework is needed to address it.
According to Les Willliamson, Citrix’s APAC vice president, high-profile attacks on organisations such as the one on the Bureau of Meterology, show Australia is on the receiving end.
“Cyber-crime alone poses a real threat in Australia, with the Australian Crime Commission estimating the annual cost of cyber-crime to Australia is over AUD$1 billion in direct costs. With that in mind, it’s particularly concerning to see that ANZ security professionals don’t feel confident they can protect their organisations’ security, especially with the new working behaviours we’re seeing from millennial employees,” Williamson says.
However, recognising security issues and putting protective frameworks still face conflict between confidence and executive leadership, despite 88% investing more than $1 million in their information security budget.
The study found that 69% of respondents say their senior leadership doesn't see cybersecurity as a strategic priority. In addition, security executives lack confidence across six key areas of survey protection.
33% of respondents felt ineffective at protecting sensitive apps and data at rest, in use and in motion; and 36% felt inefficient in reducing the risk from new, unapproved devices.
“The modern workforce is more flexible and traditional security approaches need to evolve to keep up especially with the stakes so high. A more flexible IT security architecture must consider the needs of the workforce, including generational differences,” Williamson adds.
“It should extend beyond traditional fixed end-point security approaches so it delivers threat detection and protection of apps and data at all stages. Ultimately, we at Citrix want to provide a secure foundation for apps and data across any location, network and device so businesses can eliminate security threats and focus on their company and customers,” he concludes.