results from CISCO survey
In fact, in just one year's time, the number of respondents to the survey who expressed a belief that the Internet is "getting safer" increased from 48 percent 12 months ago to more than 56 percent in 2008.
Gray said the results of the study suggest that individuals are less frightened of Internet security issues than they were a year or two ago. "When they were getting hit by huge worms that extended across the Web, they were more cautious," he says. "But now, if they are not being affected by it personally, they feel safer. It's a silent problem, because they aren't hearing about it at a personal level."
Why?, The trend was particularly evident in some parts of the world where Internet use is growing the fastest, and where people believe that their governments are going to greater lengths to protect individual users, such as Brazil (71 percent), India (68 percent), and China (64 percent). In Brazil, for instance, where banking-password stealing Trojan virus attacks have finally been thwarted by stricter legal penalties for those creating the threats, people may falsely assume that it is now safe to let down their guard, according to Gray., their government is doing more to protect them, With so many users engaging in risky activities, it seems odd that believe security is actually improving. What's behind such a disparity?, "We haven't seen major worms in a few years -- things have changed with the bad guys going underground using more stealthy methods," Grey told InternetNews.com. "With this reduction of gross attacks, we have a false sense of security among the user population.", The recent Storm worm has not proven a wake-up call because it's not of the same category as the Zotob, Blaster and Sasser worms of the past, Grey said. Those worms were harmful in that they shut down computers, so infection proved impossible to overlook.
One of the biggest problems contributing to the situation is the fact that many workers feel it is acceptable for them to use their work computers for their personal activities, such as shopping, interacting with friends, and searching the Web for popular information, the expert maintains.
number of remote workers who felt that it was acceptable to use their corporate devices for personal use, such as Internet shopping, downloading music, and social collaboration.
Other unsafe behavior included allowing non-employees to share an employer-owned PC. On a global basis, 21 percent of respondents admitted to the practice -- up from 20 percent in 2006. Additionally, 12 percent worldwide said they helped themselves to a neighbor's Wi-Fi connection, a 1 percent increase from the previous year.
The number of workers in the UK who admitted they "hijack" the wireless connection of others has gone up from six per cent to 11 per cent over the last 12 months. Globally the figure is 12 per cent*, with big increases all over the world.
Why?, Respondents also had an answer for why they shared their employer-owned PC with friends and family: 32 percent of those polled said they simply didn't see anything wrong with the practice., The reasons offered for squatting a neighbour's wireless connection provide an insight into the thinking of remote workers. Answers offered in the survey included: "I needed it because I was in a bind", "It's more convenient than using my wireless connection", "I can't tell if I'm using my own or my neighbour's wireless connection" and "My neighbour doesn't know, so it's OK"
Although it is one of the age-old security risks, many remote workers admit that they still open suspicious emails and attachments despite the potential for triggering malware attacks. China (62 percent) is the most egregious offender. But arguably more disturbing is a growing trend in entrenched Internet-adopter countries like the United Kingdom (48 percent), Japan (42 percent), Australia (34 percent) and the United States (27 percent). For example, in Japan, 14 percent admit they open both an unknown or suspicious email and any attachments., Nearly half (48 per cent) admitted to opening dodgy emails in the UK, something of a black spot for the issue. The US scored better (by comparison, at least) with 27 per cent of those surveyed admitting that they exposed themselves to this risk., While the numbers of workers in the United States who are willing to open strange e-mails and attachments is far lower at 27 percent than in places like China (62 percent) and even the United Kingdom (48 percent), many people are still capable of falling for the time-honored ruse
The study found that remote workers regularly engage in risky behavior -- opening e-mails from unknown sources, using corporate PCs for personal activities and "hijacking" their neighbors' Wi-Fi connections.
In one interesting twist on the issue of corporate device use, Cisco's report found that more people than ever are also using personal devices that are not under the control or management of their IT departments to access their companies' networks and electronic files. Some 49 percent of those people responding to the survey admitted using their own machines to do so, an increase from 46 percent one year ago.
Accessing work files with personal, non-IT-protected devices: Accessing corporate networks and files with devices that are not protected by an employee's IT team presents security risks to the company, its information and its employees. As the number of remote workers grows, the study reveals an annual rise (45 percent in 2006 to 49 percent in 2007) in this behavior. It's widespread in many countries, especially China (76 percent), the United States (55 percent), Brazil (52 percent) and France (48 percent).
why?, Reasons Offered: "These devices are secure with antivirus and other content security software", "I regularly use these devices to access my network", "My IT department has said it's OK to do so".
In some cases, teleworkers will disconnect from their corporate VPN to shop online, then reconnecting afterward, Grey said. However, doing so could mean the user brings malware with them once they reconnect, endangering the corporate network.
"While working at home, people tend to let their guard down more than they do at the office, so adhering to security policies doesn't always intuitively seem applicable or as necessary in the private confines of one's home," Stewart said. "The blurring of the lines between work and home, and between business lives and personal lives, presents a growing challenge for businesses seeking to capitalise on the productivity benefits of the remote workforce."
A 3 percentage-point increase year-over-year shows that more remote workers use corporate devices for personal use, such as Internet shopping, downloading music, and visiting social networking sites. This trend occurs in eight of the 10 countries, and the highest year-to-year spike occurs in France (27 percent to 50 percent). In Brazil, this trend rose 16 percentage points despite an increasing number of respondents agreeing that this was unacceptable behavior (37 percent to 52 percent year-over-year).
Reasons Offered: "My company doesn't mind me doing so", "I'm alone and have spare time", "My boss isn't around", "My IT department will support me if something goes wrong".
As employees work more from home, the likelihood increases that they will share corporate devices with non-employees (e.g. family, roommates) who are not educated by IT or held to a company's security policies. This trend is increasing. While China features the highest rate of "device sharing" for the year (39 percent), the United Kingdom (from 7 percent in 2006 to 22 percent in 2007) and France (from 15 percent to 26 percent) reveal steep year-over-year increases.
Reasons Offered: "I don't see anything wrong with it", "My company doesn't mind me doing so", "I don't think it increases security risks", "Co-workers do it".
careless computing habits and personal Internet activity carried out on corporate laptops
less diligent toward security awareness
believe that they are protected with best technology
users are actually behaving less responsibly,
The problem is that, despite this awareness, the incidence of insecure behavior is actually growing anyway.
According to a 2007 Gartner report, "The worldwide corporate teleworking population of individuals that spend at least one day a month teleworking from home is expected to show a compound annual growth rate (CAGR) of 4.3 percent between 2007 and 2011. … In the same period, the worldwide corporate teleworking population of individuals that spend at least one day a week teleworking from home is expected to show a CAGR of 4.4 percent. This population will likely reach 46.6 million by the end of 2011."1
"Remote access and distributed workforces are here to stay. They provide competitive advantages and greater operational efficiency," said John N. Stewart, Cisco's chief security officer. "Businesses have the opportunity to benefit from productivity increases while preventing security risks from undermining them. This study provides intelligence and recommendations for understanding and minimizing risks as businesses allow employees to branch out beyond the traditional office. It explores their remote workers' psyche and provides valuable information about their approach to security."
working from non-office locations is now a fact of life for most businesses and the risks must be mitigated against
Risks increased when we moved away from mainframes and proprietary networks to client devices, but the increased benefits hugely outweigh the downsides. Sensible policies, appropriate security and above all training can sufficiently mitigate."
Perhaps even more importantly, the lines between home computing and work computing are beginning to blur, the study suggests. Nearly half (49 percent) of respondents now say they are using their own personal devices to access their work files, up from 45 percent a year ago. And some 48 percent of users now use their work computers to access personal files, up from 46 percent last year.
Despite widespread security awareness campaigns, many users believe that their company's security "messaging is mellowing," Gray says. The growing use of mobile devices and "Web 2.0" technologies such as social networking are driving users toward the Internet at a higher rate, but security policies and enforcement are perceived to be softer than they were a year ago, he suggests.
The messaging [from the corporation] needs to change," Gray said. "A lot of the awareness programs were written when viruses were the big problem, but you have to update your message as users move to things like Web 2.0. People have got to start to understand that the office PC is a business tool. You can't just use it whenever you want to upload the latest MP3 file or whatever."
By using their company-issued devices to head to corners of the Internet where attacks are more prevalent -- such as on e-commerce sites, social-networking portals, and independent Web properties, workers are putting their employers at risk of exploit by malware and other threats
false sense of security
less on computing habits or behaviour
what type of traffic is outbound?
using personal devices that are not under the control or management of their IT departments to access their companies' networks and electronic files.
blended threats, A blended threat is a malware that is made up of a combination of different malware components, such as, a worm, a trojan horse and a computer virus that uses multiple techniques to attack and propagate., gsearch turns up lots of items here
social engineering, In addition to the growing number of threats being hosted on social-networking sites such as MySpace, Gray said that the personal data that people share about themselves and their employers on the sites poses a significant risk for the creation of targeted attacks.
information exposure, If an attacker can go to a site like LinkedIn and get a firm grasp on someone's role in an organization and figure out who they might communicate with in the firm, it could be fairly easy for them to create an attack that easily tricks the individual into opening an infected e-mail, according to the expert., However, it would appear that even suspicious e-mail arriving from unknown senders, long the favorite delivery channel for malware and links to phishing sites, continues to stand as a problem, specific to remote working
data exposure, In addition to the growing number of threats being hosted on social-networking sites such as MySpace, Gray said that the personal data that people share about themselves and their employers on the sites poses a significant risk for the creation of targeted attacks.
Annual study on the security awareness and online behavior of remote workers -- based on interviews with 2,000 telecommuters carried out by researchers from InsightExpress -- Cisco experts said that people appear to have acquired a false sense of security w
That's among the findings of the second annual survey of remote working commissioned by networking giant Cisco Systems, which paints a picture of general (and increasing) slackness about IT security threats. The poll of 2,000 remote workers and IT pros from ten countries, including the UK, found that many remote workers were happy to risk opening suspicious emails and attachments.
In fact, Cisco Systems Inc. today is releasing the results of a disturbing third-party study it commissioned over the summer which proves conclusively that -- in many businesses all over the world -- remote users are actually engaging in more insecure behavior than they did the previous year.
CISCO press release about the report, earlier report, report itself not rekeased
We can therefore completely control the resources available, including preventing printing, cutting, copying of data and even downloads onto those ubiquitous USB memory sticks."
We deploy varying levels of remote access from basic Outlook web access to full blown VPN depending on the need. This impacts on the potential risk, ease of accessibility, the amount of support needed to maintain the systems and ultimately the cost