CyberArk, a specialist in identity security, has released research exposing risky employee habits that undermine workplace cybersecurity. The findings, based on a survey of 14,000 employees across six countries, reveal gaps in how organisations manage access in today’s hybrid work environments.
The report, CyberArk 2024 Employee Risk Survey, highlights widespread behaviours that increase vulnerability, such as poor password practices, bypassing security policies, and improper use of AI tools.
Alarming Trends in Employee Behaviour
The survey found that 80% of employees access workplace applications from personal devices, which often lack proper security controls. Privileged access, once limited to IT staff, is now common, with 40% of employees downloading customer data and 31% authorised to approve high-value financial transactions.
Password misuse also persists, with nearly half of respondents reusing credentials across multiple work applications, and 36% doing so for personal accounts. Additionally, 52% admitted to sharing workplace-specific confidential information with third parties.
Compounding these issues, 65% of employees reported bypassing cybersecurity policies to save time, and over 70% use AI tools, sometimes mishandling sensitive data.
The Hidden Dangers of Online Histories
CyberArk Labs’ White FAANG research adds another layer of concern, showing how attackers could exploit employees’ browsing histories. Data collected by major tech companies, such as Apple and Meta, could be weaponised to compromise personal and corporate security.
A Call for Change
CyberArk CEO Matt Cohen argued that traditional security methods, like single sign-on authentication, are no longer sufficient. “High-risk access exists across all job roles, and risky behaviours are widespread,” he said. Cohen called for robust identity security measures with dynamic privilege controls to ensure access is limited to what employees genuinely need.
A Critical Moment for Cybersecurity
As hybrid work becomes the norm, CyberArk’s findings highlight the need for organisations to rethink their approach to identity security. Addressing risky behaviours and adopting advanced privilege controls will be critical to mitigating threats in an increasingly complex digital landscape.