There are two major IT security risks that enterprises need to prepare for – Millennials and the impending General Data Protection Regulation (GDPR).
A global Ponemon Institute study of more than 4,000 IT, security, and business professionals found that Millennials bring a growing number of mobile apps, devices and new methods of information sharing and collaboration that pose new security risks for businesses.
The study also found that most enterprises are skeptical of their ability to meet the stringent security and compliance requirements of the proposed GDPR.
Different generations and security risks
The modern workforce is composed of three different generations and each has different views on information sharing, collaboration, technology, and the role security plays in each.
The global study shows that each generation is also susceptible to different kinds of security vulnerabilities:
- 55% of security and business respondents said that Millennials, born 1981-1997, pose the greatest risk to circumventing IT security policies and use of unapproved apps in the workplace
- 33% said Baby Boomers, born 1946-1964, are most susceptible to phishing and social engineering scams
- 32% said Gen Xers, born 1965-1980, were most likely to circumvent security policies and use unapproved apps and devices in the workplace.
Regulations are forcing more security requirements
With the GDPR set to go into effect May 2018, the European Union has taken a step toward protecting business information and employee data as workers traverse digital and physical borders around the world.
As businesses prepare, a few hurdles need to be overcome. The study found that 67% of global business respondents are aware of GDPR, but only about half have started to prepare for these new regulations. The most significant barriers are:
Companies who do business in Europe need to adapt: 74% of respondents say GDPR will have a significant and negative impact on business operations. 65% are worried about the new penalties of up to 100 million euros or 2 to 4% of annual worldwide revenue.
Technologies need to protect all information, everywhere: 52% of respondents do not feel that their security infrastructure facilitates compliance and regulatory enforcement with a centralized approach to controlling, monitoring and reporting of data.
Thinking globally: 53% are concerned with the increased global effects GDPR will bring, impacting more businesses, including many outside the EU.
“Everyone is susceptible to a security breach. Organizations can’t afford to take their time when implementing smart security strategies. Security is a global concern and whether you’re a large government organization or a small business, the time to act is now. While these more strict regulations are being put into place, take a strategic approach, look at the big picture, educate your workforce to create a security-aware culture, and find comprehensive solutions that adhere to the unique needs of your business. The security architecture of the future is one that is predictive, adaptive, and embraces the benefits of emerging technologies to solve security business challenges,” said Stan Black, Citrix CSO.