New research from A10 Networks shown that UK employees are unknowingly putting their organisation as risk through their use of unapproved apps. The problems associated with ‘Shadow IT’, where employees download apps or use services without the consent of the IT department, have escalated in line with cloud adoption, and the use of personal smart devices in the workplace. Here, Ronald Sens, EMEA Director for A10 Networks explains more.
The research, Application Intelligence Report, which was conducted across ten territories, shows the UK has the highest percentage of employees (41%) who use apps without permission from IT, or not knowing if those apps have been approved to use at work. The apps can act as gateways to the network for cybercriminals looking to gain access to an organisation’s valuable data and there seems to be no stopping employees’ actions.
Of those who use non-sanctioned apps, more than half (57%) use the excuse that ‘everybody does it’, more than any other European country questioned in the report. Other respondents say their IT department doesn’t have the right to tell them what apps they can and can’t use, while some claim that their company’s IT department doesn’t give them access to the apps they need to do their jobs.
The research also highlights a lack of understanding among UK employees as to the potential damage they are inflicting on their organisations’ security. In fact, many companies still don’t realise the risks that come with this growing reliance on disparate and app-dependent workforces.
In the UK, 54 per cent of respondents have experienced at least one data breach, 41 per cent have experienced a DDoS (Distributed Denial of Service) attack, and 30 per cent have fallen victim to ransomware attacks, which are higher than the global averages.
There is also the issue of app security, and who is ultimately responsible for protecting the personal information and identity of employees who use approved business apps at work? The application developers, the IT department or the end users themselves?
While most firms globally think IT leaders should be held accountable, the UK’s IT leaders point the finger at service providers (36%), more so than the company or app developer. When it comes to app password security, UK IT chiefs have more faith in their employees than some of their counterparts around the world.
By 2020, most UK IT pros (84%) believe that mobile business apps will be used more than those on a laptop or a PC, almost in line with the global figure of 88 per cent. The good news is that 20 per cent of UK IT departments say they are looking to grow their security budgets to combat the explosion of threats. The slightly less good news is that the UK ranks join bottom with Japan for companies that expect to grow their security budget by 10 per cent or more, at 14 per cent, less than the global average of 27 per cent.
Globally, security is the top discipline for which IT teams are hiring, followed by applications teams. More than a third (36%) of IT decision-makers believe the security team is the highest hiring priority, again with the UK ranking lowest worldwide at only 20 per cent.
Awareness and education must be a priority. Factoring in employee behaviour, IT professionals should focus on building enterprise-wide security awareness and education programmes and implement strong security and access policies to prevent bad behaviour, and in particular, rogue app usage.