In 1588, a navigational error led to the defeat of the Spanish Armada, changing the course of European history. Even before modern technology’s advent, human error has had significant consequences. Unfortunately, the modern era has maintained these vulnerabilities. Today, CyberArk’s new report reveals that many of the same human errors and risky behaviors continue to pose serious cybersecurity risks and threats to organizational security in an increasingly digital and hybrid work environment.
The increasing flexibility of modern work environments has led to significant security risks, according to a new report from CyberArk, a leader in identity security. The “2024 Employee Risk Survey” reveals concerning behaviors among employees across multiple countries, highlighting the urgent need to strengthen workforce access management and secure identity security practices.
Based on a survey of over 14,000 employees in the United States, United Kingdom, France, Germany, Australia, and Singapore, CyberArk found that many workers inadvertently introduce cybersecurity risks into their organizations. As hybrid and remote work become more common, workers often access sensitive business data from personal devices, share passwords, and bypass cybersecurity measures—behaviors that expose businesses to increased cyber risks. The report emphasizes the need for a shift from merely managing workforce access to actively securing it.
Our further takeaways follow; you can get the whole report here.
Employee Access Risks Are Pervasive
One key finding is that a significant majority of employees have access to sensitive information. Alarmingly, some 80% of respondents stated that they access workplace applications—many containing critical company data—from their personal devices. Conventionally, these devices lack robust security measures. That increases the risk of data breaches. Also, 40% of employees regularly download customer data, and 33% can access and alter critical information. Finally, 30% can approve large financial transactions.
The report underscores that privileged access is no longer restricted to IT administrators. The report reveals that almost every employee, from senior executives to entry-level workers, has some level of privileged access. The rise in access to sensitive data increases the attack surface criminals might target. This makes it harder for cybersecurity teams to keep up with the threats.
CyberArk’s experts stress that this situation requires a rethink of identity security controls. Protecting against cyberattacks means ensuring every user, whether in-house, third-party or machine-based, is operating securely. The scale of employee access to company systems from unsecured personal devices reveals a stark reality and a need for a proactive security approach.
Risky Behaviors and Password Mismanagement
The report also reveals widespread risky behavior related to password usage. Nearly half (49%) of surveyed employees admitted to using the same login credentials for multiple work-related applications. Don’e look away cybersecurity experts, a further 36% use the same credentials for both work and personal accounts. Password reuse or uniformity significantly heightens the risk of a security breach. It’s like having one key that opens every lock.
Additionally, the survey found that 52% of respondents have shared workplace-specific confidential information with outsiders. It’s a bit of a no-brainer, but it’s worth saying, given the findings in the report, this practice introduces substantial risks. This is particularly true as businesses become more reliant on distributed and hybrid workforces. Many employees do not understand how such behaviors can compromise their organization’s security. This suggests that greater training and explanation are part of the solutions. CyberArk experts point out that even seemingly innocent actions, such as sharing a work password with a colleague or using personal devices to store work data, can introduce cybersecurity risks if those devices or accounts are compromised.
Workarounds to Cybersecurity Policies Are Common
Another significant finding is that employees often bypass cybersecurity policies to make their work easier. Sixty-five percent of employees admitted to circumventing company cybersecurity guidelines, often in the name of convenience. This is the digital version of propping a back door open. These workarounds include using personal devices as WiFi hotspots, forwarding corporate emails to personal accounts, or avoiding software updates that might slow them down. Obviously, such behaviors create vulnerabilities that attackers can easily exploit.
The report highlights a critical need for companies to rethink how they implement security controls. Security measures that slow down or hinder productivity are often ignored by employees who prioritize efficiency over security. Organizations should consider implementing identity security solutions that empower employees to work efficiently without compromising safety.
AI Tools Introduce New Cybersecurity Risks
The adoption of AI is widespread, with 72% of employees report using various technologies for work. While AI can enhance productivity, it also presents new challenges for security teams, especially when sensitive data is entered into AI systems. The report found that 38% of employees only sometimes adhere to company policies on using AI tools, and 8% never follow them. Furthermore, 9% of surveyed employees reported that their organization has no AI policies in place.
The growing use of AI requires security teams to adapt their strategies. Companies need clear guidelines for their use; a big part of that is ensuring that employees understand the importance of safeguarding sensitive information, even when using advanced technologies.
Balancing Security and Productivity
The report emphasizes that effective identity security should not hinder employees from doing their jobs efficiently. That’s easy to say, and it seems straightforward. Security measures must strike a balance between ensuring data safety and enabling employees to maintain productivity. The report suggests that organizations adopt a “least privilege” approach, where access to sensitive information is restricted based on necessity, thereby reducing potential attack vectors while maintaining efficiency.
As you might imagine, CyberArk has a tool for this. Their Workforce Identity Security platform is designed to help strike this balance. It focuses on intelligent privilege, controls, and secures access for all identities—both human and machine. All while ensuring employees can easily perform their duties without unnecessary friction. It’s not surprising that we hear the words “evolving threats” all the time in relation to cybersecurity. But given the lag on actions its important to emphasize that the report’s findings suggest that organizations must modernize their security strategies to accommodate the evolving workforce. And remember, this often includes remote, hybrid, and highly mobile work environments.
Conclusion: Rethinking Identity Security
The CyberArk 2024 Employee Risk Survey paints a stark picture of the current state of workforce cybersecurity. That’s how AI would put it. The more colorful way to put it is that it’s a S–t-show. The proliferation of hybrid work and the increasing number of identities with access to sensitive information means that traditional security models are no longer sufficient. All employees are potential security risks, whether through deliberate actions or carelessness. Everyone is a weak point.
In mitigating these risks, CyberArk suggests companies use a comprehensive approach to identity security that encompasses all potential attack pathways while ensuring a seamless user experience.
A secure future will require organizations to rethink how they manage identity security, implementing controls that protect sensitive data and do not get in the way of productivity. It’s not an easy balance to strike. Furthermore, security and a well-trained workforce are a perishable reality. But by embracing intelligent privilege management and leaning into modern tools like AI with proper oversight, businesses can better safeguard against the ever-expanding threat landscape.
Other News: The Role of Human Error in Cybersecurity Failures and How to Mitigate It(Opens in a new browser tab)
Other News: UK underestimates threat of cyber-attacks from hostile states and gangs, says security chief.
