Millennial employees may pose the biggest security risk, says study

Generational differences increase security risk

According to a recent survey by the Ponemon Institute and Citrix, there are two major IT security risks that enterprises need to prepare for: Millennials and the impending General Data Protection Regulations (GDPR). The global study of more than 4,000 IT, security, and business professionals found that Millennials bring a growing number of mobile apps, devices and new methods of information sharing and collaboration that pose new security risks for businesses. The study also found that most enterprises are sceptical of their ability to meet the stringent security and compliance requirements of the proposed GDPR.

The modern workforce is composed of three different generations and each has different views on information sharing, collaboration, technology, and the role security plays in each. “Everyone is susceptible to a security breach.” says Citrix CSO Stan Black. “Organisations can’t afford to take their time when implementing smart security strategies. Security is a global concern and whether you’re a large government organisation or a small business, the time to act is now.”

The global study shows that each generation is also susceptible to different kinds of security vulnerabilities:

  • 55% of security and business respondents said that Millennials, born 1981-1997, pose the greatest risk of circumventing IT security policies and using unapproved apps in the workplace.
  • 33% said Baby Boomers, born 1946-1964, are most susceptible to phishing and social engineering scams.
  • 32% said Gen Xers, born 1965-1980, were most likely to circumvent security policies and use unapproved apps and devices in the workplace.

Regulations are forcing security upgrades

With the GDPR set to go into effect May 2018, the European Union has taken a step toward protecting business information and employee data as workers traverse digital and physical borders around the world. GDPR will impact businesses worldwide, including any organisations inside and outside the EU that share data or sell products or services in the region. As businesses prepare, a few hurdles need to be overcome. The study from Citrix and the Ponemon Institute found that 67% of global business respondents are aware of GDPR, but only about half have started to prepare for these new regulations. The most significant barriers are:

  • Companies who do business in Europe need to adapt: 74% of respondents say GDPR will have a significant and negative impact on business operations. 65% are worried about the new penalties of up to 100 million euros or 2 to 4 %of annual worldwide revenue.
  • Technologies need to protect all information, everywhere: 52% of respondents do not feel that their security infrastructure facilitates compliance and regulatory enforcement with a centralised approach to controlling, monitoring and reporting of data.
  • Thinking globally: 53% are concerned with the increased global effects GDPR will bring, impacting more businesses, including many outside the EU.

“Data crosses digital borders every minute and security architectures need to take into account this blending of personal and professional lives.” says Tim Minahan, Citrix CMO. “A smart security architecture also takes into account the needs of the workforce, including generational differences, to eliminate security threats that should be easy to control so businesses can focus on their business and customers.”

The report, conducted by the Ponemon Institute and Citrix, includes insights from more than 4,200 IT and IT security practitioners globally.