A10 AIR: How Geography Influences Our Attitude Toward Security and Apps
There’s no question that where you live has a major impact on your life. The culture, the customs, the traditions you’re immersed in day-to-day shape your personality, your attitude and your behavior.
It’s the same with applications and security. According to the A10 Application Intelligence Report, A10 AIR, how we perceive personal and corporate security and how we engage with work and personal applications varies based on where we live. The study indicates that some countries’ respondents have more of a relaxed, almost nonchalant attitude toward security compared to others.
Taking a deeper dive into AIR provides cultural insight into the dependencies on business and personal apps within countries that feature leading and fast-growing economies: The United States, Brazil, United Kingdom, France, Germany, Japan, South Korea, India, China and Singapore.
Which respondents are more dependent on applications as part of their daily lifestyles? That would be those from China, India, South Korea and Brazil.
Which countries’ respondents are more diligent about security-minded behavior and careful about protecting themselves when interacting with applications? According to AIR, respondents from Germany, Japan and France.
Spotlighting these differences is a major reason behind A10 AIR. Let’s be honest – every year, many security vendors issue reports that quantify the number of attacks, victims or costs associated with malicious behavior. However, very few vendors and reports explore the human side of security threats.
But if you ask any chief security officer, chief information security officer or security practitioner working for them, they will agree wholeheartedly that security is a human problem as much or more than it is a technology one. Some will even say it’s a human problem first, and technology is merely used to solve it.
So from that perspective, understanding negligent as well as malicious behavior and the risks they create for businesses, brands, networks, applications and employees is common sense.
Understanding differences globally is especially important for multinational corporations, because the threat landscape within organizations may vary from country to country. As security practitioners often say, you can’t apply a mayonnaise approach to security because risk profiles will differ in different places around the world. This perspective allows businesses, IT organizations and security teams to consider appropriate products and technology in concert with corporate policies that collectively work to mitigate such risk.
Put another way, the security industry and vendor community spend inordinate amounts of time and marketing dollars spotlighting malicious activities of bad actors and how to stop them. But consider the exponentially greater number of negligent, innocent actions from employees and executives at companies around the world who increase risk for themselves and their employers every day without even knowing it.
AIR contains dozens of key findings that help IT and security teams understand their threat landscape within their organizations – not just outside – and allows them to make strategic decisions about how they incorporate product purchase decisions with corporate policy decisions, employee education, corporate culture and executive endorsement as one holistic risk management and corporate security strategy. Here we look at seven of those findings through the lens of geographical differences.
With or Without Apps
We’ve all heard people say that they couldn’t live without their business and personal apps. A10 AIR put that statement to the test to determine whether it’s just hyperbole. We found that respondents from countries that are more digitally dependent do indeed say they would have a hard time living without applications.
Ninety-nine percent of A10 AIR respondents from China say they “could not live” or “would struggle to live” without apps, followed by India, 97 percent, Brazil, 96 percent, and South Korea, 90 percent.
Meanwhile, Germany had the highest number of respondents, 30 percent, who say they “can easily live without apps,” followed by 23 percent from France and 21 percent from both the U.K. and Japan.
Breathing, Eating, Drinking and Apps
A10 AIR found that, for many, applications have become an integral part of daily life – so much so that some respondents put equal value on applications as they do basic human necessities like breathing, eating and drinking.
For example, at least two of three, 68 percent, A10 AIR respondents in India and South Korea say apps are as significant or nearly as significant as breathing, eating and drinking. Of those respondents who say apps are equally important, India ranks highest with 38 percent, followed by Brazil, 33 percent, and China, 31 percent.
Meanwhile, 26 percent of respondents from Japan ranked the importance of apps with basic necessities of life, followed by Germany, 37 percent, and France, 41 percent.
Typing vs. Talking
Putting the importance of applications to the test even more, A10 AIR compared how much people tend to type versus talk, focusing on the behavioral trend within business and personal lifestyles of communicating more through applications than human to human. For businesses, the continuing increase in application usage, which is a form of communication, affects corporate threat landscapes.
Many respondents put access to applications above talking with other people. For example, in India, 16 percent of respondents say access to apps is more important than talking or other forms of social interaction, such as in-person access to friends and family. Meanwhile, access to business and personal apps scored lowest in Japan, where just 4 percent of respondents choose access to apps over the other options. France, Germany and the U.K. followed with 6 percent each.
Security Before and After
AIR reveals that the majority of respondents think of security before electing to download an app, which is a positive finding for individuals and IT organizations alike. But once the download is complete, employees quickly prioritize performance and ease of use over security and best practices. This reality is not what businesses, IT and security teams want to hear.
Respondents from China are the most security-minded when it comes to apps before downloading and during use.
Ninety-seven percent of respondents from China say security is a top priority before downloading apps, followed by France, 88 percent, and the U.S., 87 percent. Twenty-four percent of respondents from both the U.K. and Japan disagree or strongly disagree that security is an influence or deterrent in downloading apps, followed by Germany, 23 percent, and India, 21 percent.
Meanwhile, respondents from South Korea, 72 percent, the U.S., 65 percent, France, 63 percent, and Singapore, 59 percent, rank performance and ease of use higher than security when accessing an app.
The previous findings provide an unfortunate segues to serious problems businesses and individuals face every day. According to AIR, respondents from countries with a stronger dependency on apps and a more relaxed attitude toward security are more likely to report being a victim of a cybercrime.
For example, in China, nearly two out of five, 39 percent, of respondents say they’ve had their identity stolen, followed by 23 percent in South Korea and 16 percent in the U.S. Respondents from France and Germany, 5 percent, report the lowest rates of known identity theft.
However, consider a company with 1,000 employees. Or 10,000. Or 100,000. Apply these percentages to employee bases using work-issued devices and work applications alongside personal applications, and using corporate networks in the office and remotely. As work and personal lives blur, the blended life phenomenon conceivably drags IT and security teams into employees’ homes for protecting business information.
Nearly three in 10 A10 AIR respondents, 29 percent, from China say they’ve had their device (e.g. work-issued or personal mobile phone or laptop) hacked, followed by South Korea, 27 percent, the U.S. and the U.K., both 24 percent. Meanwhile, respondents in Japan, 10 percent, and India, 16 percent, reported the fewest incidents of being hacked.
Keep in mind – these findings only take into account hacking incidents that are known to the victim. Many times hacks occur unbeknownst to the victim.
IoT Not a Perceived Threat
Meanwhile, the majority of respondents to A10 AIR, 65 percent globally, rank laptops and mobile phones as the most vulnerable devices, ahead Internet of Things (IoT) devices like Internet-enabled cars, smart TVs and surveillance cameras.
Respondents in China are most aware of the vulnerability of surveillance
cameras, with more than half, 54 percent, stating that cameras are a potential cyberthreat. Japan, 38 percent, and South Korea, 32 percent, are the other countries where respondents are most aware of camera vulnerabilities.
The misperception that IoT devices aren’t as vulnerable as laptops or mobile phones can be dangerous, as many IoT devices like smart TVs and video cameras are now prominent in nearly every office and corporate building worldwide, creating new, largely unsecured, attack points for threat actors.
For example, last fall between 300,000 to 500,000 video cameras were compromised by the Mirai botnet and used to launch the largest DDoS of Things attacks on record – one of which reached 1Tbps. The fact that so many respondents believe mobile phones and laptops are much more vulnerable to malicious attacks shows how perceptions can be misperceptions, and misperceptions can increase risk for companies and their employees.
A10 AIR shines a light on how our behavior and attitude toward applications and security affect corporate risk and security and offers IT and security pros insight into the human side of security threats.
Examining the results by geography highlights which countries’ respondents are more diligent (or not) about application security, and therefore introduce fewer risks; and which are less attentive to the broader impact their use of applications has on business and corporate security. As you can see from the results, how we interact with apps and feel about security can, in many cases, be mapped to where we live and our dependency on applications.
This is just a glimpse of the data A10 AIR uncovered about the impact employee behavior and attitude toward work and personal applications can have on corporate culture and cybersecurity. Download the full A10 Application Intelligence Report for a deeper dive into all of the data and to learn more about how behaviors and attitudes vary based on geography, age and other factors.