New Research from CyberArk Reveals Security Risks Introduced by Everyday Employee Behaviors
CyberArk (NASDAQ: CYBR) has released new research highlighting security risks posed by employee behaviors. The study surveyed 14,003 employees across six countries and revealed that:
- 80% access workplace applications from personal devices lacking security controls.
- 40% habitually download customer data, and over 30% can alter sensitive data or approve large transactions.
- 49% reuse login credentials across multiple applications, while 52% have shared confidential information externally.
- 65% bypass cybersecurity policies for convenience.
- 72% use AI tools, but 38% do not follow guidelines for handling sensitive data.
Additional research from CyberArk Labs shows that individual browsing history can be exploited by attackers, increasing organizational risks. The findings emphasize the need for robust identity security programs with dynamic privilege controls.
CyberArk (NASDAQ: CYBR) ha pubblicato una nuova ricerca che evidenzia i rischi per la sicurezza derivanti dai comportamenti dei dipendenti. Lo studio ha intervistato 14.003 dipendenti in sei paesi e ha rivelato che:
- l'80% accede alle applicazioni aziendali da dispositivi personali privi di controlli di sicurezza.
- il 40% scarica abitualmente dati dei clienti, e oltre il 30% può modificare dati sensibili o approvare transazioni di grandi dimensioni.
- il 49% riutilizza le credenziali di accesso su più applicazioni, mentre il 52% ha condiviso informazioni riservate all'esterno.
- il 65% ignora le politiche cybersecurity per comodità.
- il 72% utilizza strumenti AI, ma il 38% non segue le linee guida per la gestione dei dati sensibili.
Ulteriori ricerche condotte da CyberArk Labs mostrano che la cronologia di navigazione individuale può essere sfruttata dagli attaccanti, aumentando i rischi per l'organizzazione. I risultati enfatizzano la necessità di programmi di sicurezza dell'identità robusti con controlli dinamici dei privilegi.
CyberArk (NASDAQ: CYBR) ha lanzado una nueva investigación que destaca los riesgos de seguridad derivados del comportamiento de los empleados. El estudio encuestó a 14,003 empleados en seis países y reveló que:
- el 80% accede a aplicaciones laborales desde dispositivos personales que carecen de controles de seguridad.
- el 40% descarga habitualmente datos de clientes, y más del 30% puede modificar datos sensibles o aprobar transacciones grandes.
- el 49% reutiliza las credenciales de inicio de sesión en múltiples aplicaciones, mientras que el 52% ha compartido información confidencial externamente.
- el 65% ignora las políticas de ciberseguridad por conveniencia.
- el 72% utiliza herramientas de IA, pero el 38% no sigue las pautas para manejar datos sensibles.
Investigaciones adicionales de CyberArk Labs muestran que el historial de navegación individual puede ser explotado por atacantes, aumentando los riesgos organizacionales. Los hallazgos enfatizan la necesidad de programas robustos de seguridad de identidad con controles dinámicos de privilegios.
CyberArk (NASDAQ: CYBR)는 직원 행동으로 인한 보안 위험을 강조하는 새로운 연구 결과를 발표했습니다. 이번 연구는 6개국에서 14,003명의 직원을 대상으로 조사했으며, 다음과 같은 결과를 보여주었습니다:
- 80%는 보안 제어가 없는 개인 장치에서 업무 애플리케이션에 접근합니다.
- 40%는 고객 데이터를 습관적으로 다운로드하며, 30% 이상은 민감한 데이터를 변경하거나 대규모 거래를 승인할 수 있습니다.
- 49%는 여러 애플리케이션에서 로그인 자격 증명을 재사용하고, 52%는 기밀 정보를 외부와 공유했습니다.
- 65%는 편리함을 위해 사이버 보안 정책을 무시합니다.
- 72%는 AI 도구를 사용하지만, 38%는 민감한 데이터 처리 가이드를 따르지 않습니다.
CyberArk Labs의 추가 연구에 따르면 개인의 브라우징 기록이 공격자에 의해 악용될 수 있어 조직의 위험이 증가합니다. 이 결과는 동적 권한 제어가 포함된 강력한 정체성 보안 프로그램의 필요성을 강조합니다.
CyberArk (NASDAQ: CYBR) a publié une nouvelle recherche soulignant les risques de sécurité posés par le comportement des employés. L'étude a sondé 14 003 employés dans six pays et a révélé que :
- 80 % accèdent aux applications professionnelles depuis des appareils personnels manquant de contrôles de sécurité.
- 40 % téléchargent habituellement des données clients, et plus de 30 % peuvent modifier des données sensibles ou approuver de grandes transactions.
- 49 % réutilisent les identifiants de connexion sur plusieurs applications, tandis que 52 % ont partagé des informations confidentielles à l'extérieur.
- 65 % contournent les politiques de cybersécurité pour des raisons de commodité.
- 72 % utilisent des outils d'IA, mais 38 % ne suivent pas les directives de traitement des données sensibles.
Des recherches supplémentaires de CyberArk Labs montrent que l'historique de navigation individuel peut être exploité par des attaquants, augmentant les risques organisationnels. Les résultats soulignent la nécessité de programmes de sécurité d'identité robustes avec des contrôles dynamiques des privilèges.
CyberArk (NASDAQ: CYBR) hat eine neue Forschung veröffentlicht, die die Sicherheitsrisiken hervorhebt, die durch das Verhalten von Mitarbeitern entstehen. Die Studie befragte 14.003 Mitarbeiter in sechs Ländern und ergab, dass:
- 80 % von persönlichen Geräten ohne Sicherheitskontrollen auf Unternehmensanwendungen zugreifen.
- 40 % regelmäßig Kundendaten herunterladen und über 30 % empfindliche Daten ändern oder große Transaktionen genehmigen können.
- 49 % ihre Anmeldedaten in mehreren Anwendungen wiederverwenden, während 52 % vertrauliche Informationen extern geteilt haben.
- 65 % die Cybersecurity-Richtlinien aus Bequemlichkeit umgehen.
- 72 % AI-Tools verwenden, aber 38 % die Richtlinien für den Umgang mit sensiblen Daten nicht befolgen.
Zusätzliche Forschungen von CyberArk Labs zeigen, dass der individuelle Browserverlauf von Angreifern ausgenutzt werden kann, was die organisatorischen Risiken erhöht. Die Ergebnisse betonen die Notwendigkeit robuster Identitätssicherheitsprogramme mit dynamischen Berechtigungssteuerungen.
- CyberArk's research highlights the urgent need for improved identity security, which could drive demand for their solutions.
- The report identifies common security risks, potentially positioning CyberArk as a thought leader in cybersecurity.
- The widespread risky behaviors identified in the survey suggest significant vulnerabilities in current security practices, which could lead to breaches.
Insights
The survey reveals critical security vulnerabilities in workplace practices that could significantly impact CyberArk's market position and growth strategy. With
The research highlighting widespread AI tool adoption (
This research strengthens CyberArk's market positioning by quantifying the urgent need for enhanced identity security solutions. The large sample size (14,003 employees) across six major markets provides credible data that highlights significant market opportunities. Key findings about password reuse (
The timing of this research, coupled with growing AI adoption concerns, positions CyberArk to capitalize on emerging security challenges. This could drive increased enterprise spending on identity security solutions, potentially boosting CyberArk's market share and revenue growth in the coming quarters.
Privileged access combined with worrisome worker actions compound security risks for organizations
Four Key Findings of CyberArk 2024 Employee Risk Survey: Harmful Employee Behaviors
Based on a survey1 of 14,003 employees working in all major types of job roles and vertical industries across the
-
Majority Have Access to Sensitive Information:
80% access workplace applications - which often contain business-critical data - from personal devices that frequently lack adequate security controls. The survey confirms that privileged access is no longer confined to IT admins.40% of respondents indicated they habitually download customer data; a third are able to alter critical or sensitive data; and just over three in 10 can approve large financial transactions. -
Password Reuse Is Common: The report highlights several worrisome habits.
49% of employees surveyed use the same login credentials for multiple work-related applications, while36% use the same credentials for both personal and work applications.52% of those surveyed have shared workplace-specific confidential information with outside parties. These practices significantly heighten the risk of security leaks and breaches. -
Majority Bypass Cybersecurity Policies:
65% of employees often bypass cybersecurity policies to make their lives easier. Common workarounds include using personal devices as WiFi hotspots and forwarding corporate emails to personal accounts. -
AI Adoption Creates More Security Challenges: The report also sheds light on the growing use of AI tools in the workplace. Over
72% of employees use AI tools, which can introduce new vulnerabilities when, for instance, sensitive data is inputted into them. Over a third (38% ) of employees either ‘only sometimes’ or ‘never’ adhere to guidelines on handling sensitive information in their use of AI tools.
New CyberArk Labs Research: “White FAANG”
“White FAANG: Devouring Your Personal Data” is new research from CyberArk Labs that shows how the individual browsing and internet history of individual employees can present cyber issues for their employers, as well as to personal lives. Detailing how individual browsing history data - downloaded from technology giants like Apple and Meta - is easily stolen, it shows how an attacker might abuse this extensive information trove to serve as, for example, an attack vector into employer organizations.
The combination of worrisome employee actions and attackers’ ability to steal and capitalize on browsing history and internet usage increases risk for organizations. By implementing a robust identity security program with dynamic privilege controls at every user checkpoint, security teams can prevent attackers from gaining access to sensitive and privileged information without adding unwanted friction into workplace processes.
“For far too long, the standard approach to workforce access security has been centered around basic controls like authentication via single sign on. This ignores the reality of the modern worker and the changing nature of identity: the average employee can be a casual workforce user and, the next moment, a privileged account,” said Matt Cohen, CEO at CyberArk. “These findings show that high-risk access is scattered throughout every job role and bad behaviors abound, creating serious security issues for organizations and highlighting the pressing need to reimagine workforce identity security by securing every user with the right level of privilege controls.”
Further reading:
- CyberArk 2024 Employee Risk survey
- New CyberArk Labs research: “White FAANG: Devouring Your Personal Data”
1Research was conducted by Censuswide among a sample of 14,003 employees who use a computer for work in the
About CyberArk
CyberArk (NASDAQ: CYBR) is the global leader in identity security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on LinkedIn, X, Facebook or YouTube.
Copyright © 2024 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.
View source version on businesswire.com: https://www.businesswire.com/news/home/20241203942566/en/
Investor Relations:
Srinivas Anantha, CFA
CyberArk
617-558-2132
ir@cyberark.com
Media:
Nick Bowman
CyberArk
+44 (0) 7841 673378
press@cyberark.com
Source: CyberArk
FAQ
What did CyberArk's 2024 Employee Risk Survey reveal?
How prevalent is password reuse among employees according to CyberArk's research?
What new vulnerabilities are introduced by AI tools in the workplace?
What does CyberArk Labs' 'White FAANG' research indicate?
