Employees putting enterprises at risk

05 December 2024

New employee research from CyberArk highlights the need to change the way we work and shift to a model where workforce access to the tools and applications we all use every day is not just managed but secured.

Driven by hybrid working and flexible access trends, the report reveals how many employee behaviours – deliberate and accidental – put organisations at risk.

Based on a survey of 2,000 office workers in the UK, the report reveals insights into prevalent employee behaviours and data access patterns. It shows that security teams must rethink how identity security controls are applied to the modern workforce.

80% of respondents access workplace applications, which often contain business-critical data, from personal devices that frequently lack adequate security controls. The survey confirms that privileged access, or worker access to confidential data and controls, is no longer confined to IT admins. 39% of respondents indicated they habitually download customer data; more than a third are able to alter critical or sensitive data; and just over three in 10 can approve large financial transactions.

The report highlights several worrisome habits. 49% of employees surveyed use the same login credentials for multiple work-related applications, while 36% use the same credentials for both personal and work applications. 50% of those surveyed have shared workplace-specific confidential information with outside parties. These practices significantly heighten the risk of security leaks and breaches.

65% of employees often bypass cybersecurity policies to make their lives easier. Common workarounds include using one password across multiple accounts, using personal devices as Wi-Fi hotspots, and forwarding corporate emails to personal accounts.

The report also sheds light on the growing use of AI tools in the workplace. Over 72% of employees use AI tools, which can introduce new vulnerabilities when, for instance, sensitive data is entered into them. 42% of employees either ‘only sometimes’ or ‘never’ adhere to guidelines on handling sensitive information in their use of AI tools.

“For far too long, the standard approach to workforce access security has been centred around basic controls like authentication via single sign-on. This ignores the reality of the modern worker and the changing nature of identity: the average employee can be a casual workforce user and, the next moment, a privileged account,” said Matt Cohen, CEO at CyberArk. “These findings show that high-risk access is scattered throughout every job role and bad behaviors abound, creating serious security issues for organisations and highlighting the pressing need to reimagine workforce identity security by securing every user with the right level of privilege controls.”

The combination of worrisome employee actions and the increasing superiority of attacker tactics presents a ‘now or never’ moment for security teams. By implementing a robust identity security program with dynamic privilege controls at every user checkpoint, security teams can prevent attackers from gaining access to sensitive and privileged information without adding unwanted friction to workplace processes.