Younger employees disregard safety rules

B2B Cyber ​​Security ShortNews

Share post

According to the German Association of Civil Servants, around a quarter of all public sector employees will resign in the next ten years for reasons of age. They are being replaced by young employees from Millennials and Generation "Z".

An example of this: a good third of Generation Z employees also use private passwords at work (35%). Among millennials, this behavior is still found in one in four respondents (26%). In contrast, just 8% of employees born before 1965 (baby boomers) use the same passwords for private and business use. Young employees are also more likely to use the same or similar passwords across multiple accounts or devices (Generation Z: 48%, Millennials: 40%, Generation X: 31%, Baby Boomers: 22%). Such behavior makes it much easier for threat actors to gain initial access to an administration's IT systems. There is also a widespread willingness among younger employees to allow third parties access to company devices. One in five Gen Z workers (22%) have family members work with these devices. This only applies to 10% of baby boomers.

German authorities ill-prepared

It is no coincidence that young employees neglect the basic rules of data security. In a country comparison, German authorities perform poorly in the prevention of IT threats. One example is security training. Only a little more than half (54%) of those surveyed in Germany undergo mandatory training. For comparison, 61% of government agencies around the world require their employees to have cyber training. This situation also affects the employees' perception of threats. In their own estimation, 77% feel adequately prepared to identify and report threats such as malware and phishing in the workplace. However, just one in five German employees (19%) believes that they are very well prepared. With this, too, Germany is lagging behind in the global average.

One in four receives phishing emails

In view of the increasingly sophisticated phishing e-mails, which thanks to generative AI will in future hardly be distinguishable from legitimate e-mails, comprehensive training would be advisable. And the danger is real: 24% of employees in Germany (30% worldwide) report that they have been affected by phishing emails in the last 12 months. 5% (in Germany and worldwide) clicked on a link in a phishing email or transferred money to a scammer. Interestingly, these values ​​also correspond to the information provided by employees from the private sector. In a comparative study from December 2022, Ivanti found that 23% of them had been affected by phishing in the last year (State of Cybersecurity Preparedness 2023). According to both studies, employees in administrations and companies are attacked less frequently than the global average.

Employee: “None of my business”

Overall, however, the basic attitude of many employees in the public sector is questionable: "IT security is none of my business." According to the study:

  • believe 53 percent of employees in Germany (worldwide: 34%) do not think that their actions affect the security of their agency
  • feel 11 percent (Global: 17%) feel uncomfortable reporting mistakes they made to the IT team
  • it´s 9 percent (worldwide: 17%) don't even care if their agency is hacked
More at Ivanti.com

 


About Ivanti

The strength of unified IT. Ivanti connects IT with security operations in the company in order to better control and secure the digital workplace. We identify IT assets on PCs, mobile devices, virtualized infrastructures or in the data center - regardless of whether they are hidden on-premise or in the cloud. Ivanti improves the provision of IT services and reduces risks in the company on the basis of specialist knowledge and automated processes. By using modern technologies in the warehouse and across the entire supply chain, Ivanti helps companies improve their ability to deliver - without changing the backend systems.


More at Sophos.com

 

Matching articles on the topic

Companies spend 10 billion euros on cybersecurity

Germany is arming itself against cyber attacks and is investing more than ever in IT and cyber security. In the current year the ➡ Read more

Qakbot remains dangerous

Sophos X-Ops has discovered and analyzed a new variant of the Qakbot malware. These cases first appeared in mid-December and they ➡ Read more

VexTrio: most malicious DNS threat actor identified

A DNS management and security provider has exposed and blocked VexTrio, a complex criminal affiliate program. This increases cybersecurity. ➡ Read more

A comeback from Lockbit is likely

It is fundamentally important for Lockbit to be visible again quickly. Victims are presumably less willing to pay as long as there are rumors ➡ Read more

LockBit is alive

A few days ago, international law enforcement authorities scored a decisive blow against Lockbit. According to a comment from Chester Wisniewski, Director, Global ➡ Read more

Cyber ​​danger Raspberry Robin

A leading provider of an AI-powered, cloud-delivered cybersecurity platform warns about Raspberry Robin. The malware was first released in the year ➡ Read more

New scam Deep Fake Boss

Unlike classic scams such as the email-based boss scam, the Deep Fake Boss method uses high-tech manipulation ➡ Read more

Classification of the LockBit breakup

European and American law enforcement authorities have managed to arrest two members of the notorious LockBit group. This important strike against the ransomware group ➡ Read more