CyberArk announced the results of new employee research that highlights
the need to shift to a model where workforce access is not just managed,
but secured. Driven by hybrid working and flexible access trends,
a multi-country report
reveals how many common employee behaviors when accessing sensitive and
privileged data - deliberate and accidental - put organizations at risk.
In parallel, new research from CyberArk Labs shows how one's online
history can be a threat to employers as well as to personal lives.
Four Key Findings of CyberArk 2024 Employee Risk Survey: Harmful Employee Behaviors
Based on a survey of 14,003 employees working in all major
types of job roles and vertical industries across the USA, UK, France,
Germany, Australia and Singapore, the report
reveals insights into prevalent employee behaviors and data access
patterns. It shows that security teams must rethink how identity
security controls are applied to the modern workforce.
- Majority Have Access to Sensitive Information: 80% access
workplace applications - which often contain business-critical data -
from personal devices that frequently lack adequate security controls.
The survey confirms that privileged access is no longer confined to IT
admins. 40% of respondents indicated they habitually download customer
data; a third are able to alter critical or sensitive data; and just
over three in 10 can approve large financial transactions.
- Password Reuse Is Common: The report highlights several worrisome
habits. 49% of employees surveyed use the same login credentials for
multiple work-related applications, while 36% use the same credentials
for both personal and work applications. 52% of those surveyed have
shared workplace-specific confidential information with outside parties.
These practices significantly heighten the risk of security leaks and
breaches.
- Majority Bypass Cybersecurity Policies: 65% of employees often
bypass cybersecurity policies to make their lives easier. Common
workarounds include using personal devices as WiFi hotspots and
forwarding corporate emails to personal accounts.
- AI Adoption Creates More Security Challenges: The report also
sheds light on the growing use of AI tools in the workplace. Over 72% of
employees use AI tools, which can introduce new vulnerabilities when,
for instance, sensitive data is inputted into them. Over a third (38%)
of employees either 'only sometimes' or 'never' adhere to guidelines on
handling sensitive information in their use of AI tools.
New CyberArk Labs Research: "White FAANG"
"White FAANG: Devouring Your Personal Data"
is new research from CyberArk Labs that shows how the browsing and
internet history of individual employees can present cybersecurity
issues for their employers, as well as for their personal lives.
Detailing how individual browsing history data - downloaded from
technology giants like Apple and Meta - is easily stolen, it shows how
an attacker might abuse this extensive trove of information as, for
example, an attack vector into employer organizations.
The combination of worrisome employee actions and attackers' ability to
steal and capitalize on browsing history and internet usage increases
risk for organizations. By implementing a robust identity security
program with dynamic privilege controls at every user checkpoint,
security teams can prevent attackers from gaining access to sensitive
and privileged information without adding unwanted friction into
workplace processes.
"For far too long, the standard approach to workforce access security
has been centered around basic controls like authentication via single
sign on. This ignores the reality of the modern worker and the changing
nature of identity: the average employee can be a casual workforce user
and, the next moment, a privileged account," said Matt Cohen, CEO at
CyberArk. "These findings show that high-risk access is scattered
throughout every job role and bad behaviors abound, creating serious
security issues for organizations and highlighting the pressing need to
reimagine workforce identity security by securing every user with the
right level of privilege controls."