IT firm Unisys released the results of new research this week which shows that Americans overall concerns with regards to cyber security are on the decline. Despite the fact that many people are more proactive now when it comes to protecting themselves personally online, the Unisys Security Index shows that they still engage in practices that can leave them and the organizations they work for vulnerable.
On a scale of 0-300, the survey, which included more than 10,000 respondents from 11 different countries, the U.S. received an overall score of 136, placing it behind Brazil, Hong Kong and Germany in terms of cyber security concerns. The U.S. ranked among the top three nations when it came to concerns about the threats posed by hackers to national security. In fact, 61 percent of Americans now support proposed legislation that provides the president with the power to shut down portions of the Internet in the event of a coordinated cyber attack against the country.
Steve Vinsik, vice president of critical infrastructure protection for Unisys Federal Systems, says the survey results show that people are more aware now than in the past when it comes to cyber security issues.
"I think that the cyber security message that we've been inundated with over the last several months is getting out there," he said. "From an enterprise perspective, that translates to employees being more aware of what is going on around them about access to information."
While this may come as welcomed news for many corporate IT managers, the boom of network-enabled mobile devices and lax attitudes towards password protection has created a whole new set of potential headaches for organizations.
With more people bringing their mobile phones to the workplace and organizations adopting them as tools of the trade, Vinsik said companies may need to implement enterprise-wide security policies and procedures for these devices. According to the survey, only 37 percent of respondents said they were regularly using and updating passwords on their mobile phones.
"While by default the consumer (mobile) device doesn't have a password enabled (login), from your corporate policy perspective, you can mandate that if they want to use their device to get their corporate email they are going to have to have a certificate on the device, as well as have it password protected," Vinsik said.
Vinsik added that another way mobile devices can harm the enterprise is through the unauthorized copying of sensitive or proprietary information, pointing out that most mobile phones now come equipped with quality cameras and audio recording functionality.
"If the enterprises aren't taking a proactive approach and aren't being aware that this is going on, they are opening themselves up to a lot of risk," he said.
Lax password protection also applies to personal computers, however, as the survey found that only 46 percent of Americans regularly use and update passwords on their own PCs. To avoid this in the corporate world, Vinsik said many businesses have done a good job of leveraging access credentials and PIN numbers for access to company computers.
Companies that fail to adequately secure their own networks also run the risk of losing their customers. In Germany, for instance, the survey found that 15 percent of Internet users switched banks or retailers because they were unsatisfied with the privacy and identity protections of those businesses. In Europe overall, Vinsik said that 10 percent of survey respondents reported switching from financial institutions or retailers due to the aforementioned issues.
"Corporations are looking at it as getting momentum and gathering new business by offering these enhanced security capabilities that their competitors are not offering," Vinsik explained. "By offering these services, by being secure and by not being in the press about some large-scale data theft occurring, they are becoming a more trusted entity."
Click here to read a full report on the Unisys survey (PDF - 603 KB).