ISACA study reveals risky behaviour still commonplace despite better overall awareness

November 27, 2012

Nine out of every ten people who use a computer or smart device for work now understand that their online privacy and security are in danger, yet many are still persisting with dangerous behaviour that could be placing themselves and their employer at risk.

According to the 2012 IT Risk/Reward Barometer from ISACA, 65 per cent of people choose not to verify the security settings of online shopping sites before submitting personal information.

More than a third – 36 per cent – admit to using a work device to click on a link submitted to them through a social media site, while 12 per cent acknowledge that they store work passwords and other such confidential material on their personal smart device.

Internet users are also showing an increasing willingness to share their personal information, with 65 per cent of consumers admitting that they would be willing to submit personal data if a discount of 50 per cent was on offer for a $100 item.

This is despite the fact that 53 per cent of the 758 US-based ISACA members involved in the study said that they believed sharing personal information online has become riskier in 2012.

Furthermore, 95 per cent of participants claimed to be bothered by the feeling that they have no privacy when operating in the digital sphere.

According to CA Technologies vice president Robert Stroud, the problem is that there is a disconnection between perception and action when it comes to cyber security and vulnerability management.

"Just as in many parts of our lives, there is a gap between what we believe and how we act. That’s human nature," explained Mr Stroud in a blog post published November 14.

"Despite considerable concern about our online privacy and security, many of us are simply not willing to give up the benefits and conveniences now available online, even if these behaviours are deemed high risk by our IT departments."

Employees engaging in dangerous behaviour online put not only themselves at risk but also their employers, as any leaked or stolen information obtained from a personal device could potentially be used to gain unauthorised access to an organisation's secure server.

For that reason, it's a good idea to engage in regular security audit evaluations in order to identify where shortfalls in business vulnerability management are occurring, and ensure employees are adequately educated as to the correct way to use both personal and work-related devices.
