High-risk access exists throughout the workplace, in almost every job role, proving that the time has come for organizations to re-think the way they protect their workforce, according to CyberArk.
CyberArk surveyed 14,003 employees in the UK, USA, France, Germany, Australia and Singapore to uncover workforce behaviors that security teams are most keen to put a stop to.
Employees depend on privileged access to complete daily tasks
These days, almost all employees have some kind of sensitive or privileged access; they need it, in fact, just to get the job done.
CyberArk found that all employees surveyed access work applications and services from their corporate device, including access communications and collaboration tools e.g. Teams, Slack, Outlook (52%), IT admin and management tools (41%) and customer-facing apps (34%). These are business-critical applications that contain sensitive and privileged data.
Meanwhile, 80% of those surveyed also access work applications and services from personal devices.
Nearly every workforce user has the potential to be a security risk. For many workers, this outcome is made even more likely by their tendency to engage in risky behavior that could make their organization more vulnerable to costly and damaging cyberattacks.
For example, in the past year, 60% of those surveyed have used a personal device to access work-related apps, emails, or systems.
65% of office workers surveyed admitted they’ve found ways to get around cybersecurity policies in the name of productivity. 27% of those surveyed use one password across multiple accounts to avoid aggravation, while 20% say they use personal devices as WiFi hotspots.
AI adoption creates new attack surface
According to the research, the majority of workers have already adopted AI, with 72% of those surveyed saying they use AI tools for work. This widespread use of AI has opened up a new attack surface for security teams to manage and created new vulnerabilities for organizations, because the use of many AI tools often involves inputting sensitive data.
50% of respondents said they don’t always adhere to company policies about adding sensitive or confidential information to AI tools – or that their company doesn’t have an AI policy.
C-level executives are most likely to fall victim to a phishing scam, as 62% reported having clicked on links in a phishing email at least once, compared to 25% of entry-level employees.
49% of office workers are using the same login credentials to access multiple work-related applications, and 36% use the same login credentials for personal and workplace applications and services. 30% of workers share workplace-related passwords and credential logins with co-workers.
36% admitted they don’t immediately install security patches or software updates for all their personal devices.
Even when workers have the best of intentions, risky shortcuts are all too common. Now more than ever, it’s important that organizations and their security teams build resilient identity security strategies that make it easy for workers to do their jobs while reducing overall risk.