While a recent EY Human risk study shows younger employees are less concerned about cybersecurity on work devices than on personal ones, statistics from Kaspersky mobile quest [Dis]connected reveals another issue regarding corporate cybersecurity. According to anonymized data, people find it difficult to balance between cybersecurity rules and maintaining good relations with friends and colleagues.
The role of employees’ cybersecurity policy violations in data breaches remains striking year-on- year. At the same time these violations usually happen not because of malicious intentions but result from attempts to perform work tasks efficiently .
The researchers from Ernst & Young LLP, however, noticed that Gen Z and millennials are more eager to disregard security protocols for the sake of productivity. Thus, they use same passwords for both professional and work accounts more often than older generations, ignore mandatory IT updates and pay less attention to web browser cookies. Moreover, only 35% of all respondents admit they feel very prepared to avoid cybersecurity mistakes at work.
The statistics from [Dis]connected disclose another problem regarding adhering to cybersecurity policy. The mobile game designed to help people realize how cybersecurity impacts their everyday life confirms that most employees have problems balancing safety and sociability. Thus, the typical score gained by a Disconnected player for vigilance amounted 90 while empathy players scored 23 points on average.
Game choices related to cybersecurity affect the personal and corporate spheres of a playable character’s life directly, leading to one of three game endings – good, neutral or bad. In general, the majority of players (45%) ended up with a “neutral” result, while 42% managed to achieve the “good” ending. However, 13% of walkthroughs appeared to be unsuccessful. The best players don’t just have the best average security level (ASL), but they also show the most balanced results in key game indicators.
“Once again, the revealed tendencies prove the importance of understanding cybersecurity principles, not just memorizing them. The main aim of security awareness training therefore is to change the behavior of employees and to show them how following rules can easily fit into daily routine.” – comments Tatyana Shumaylova, Senior Product Marketing Manager at Kaspersky. “That is why Disconnected, a part of Kaspersky security awareness portfolio, helps employees review their knowledge and teaches them to balance cyber vigilance with empathy. This approach allows any distortions that may affect safety, personal productivity or teamwork to be corrected”.