SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Survey reveals 60% of Aussies bypass cybersecurity rules

Yesterday

A new survey by CyberArk has highlighted that more than 60% of Australian employees admit to bypassing cybersecurity policies for convenience, significantly increasing security risks for organisations.

The CyberArk 2024 Employee Risk Survey reveals that Australian employees display concerning behaviours that may undermine organisational cybersecurity efforts. Despite being generally more compliant than their international counterparts, a significant proportion of Australian workers still engage in risky practices. One of the key findings highlights that 33% of employees use the same login credentials for both personal and workplace applications.

The survey also shows that Australian employees are notably slow in installing firmware updates or security patches on personal or BYOD (Bring Your Own Device) devices. This behaviour necessitates a reevaluation of how identity security controls should be enforced, especially within the context of modern hybrid work environments.

Research from CyberArk Labs, outlined in their "White FAANG: Devouring Your Personal Data" report, indicates that employees' online history can pose threats to their employers as well as their personal lives. This data, when compromised, can potentially serve as a breach point into organisations.

Thomas Fikentscher, Area Vice President for ANZ at CyberArk, remarked, "As Australian organisations continue to shift their workflows and workforces to the cloud, post authentication breaches will become even more common. Multi-factor authentication does not offer sufficient protections against fraudulent activity and organisations should be taking active steps to reimagine their workforce identity security."

Further survey findings include the revelation that 80% of Australian employees access workplace applications from personal devices, which often lack robust security measures. Privileged access is increasingly common among non-IT staff, with 40% of respondents routinely downloading customer data and a third having the ability to alter sensitive data or approve significant financial transactions.

Password reuse and data sharing compounds these risks, with nearly 49% of surveyed employees using the same login credentials across multiple work applications, and 41% admitting to sharing workplace-confidential information externally. These practices expose organisations to considerable risks of data breaches.

One of the emerging concerns is the adoption of AI tools at work. The survey highlights that 66% of employees use AI tools, sometimes inputting sensitive data into them, which could introduce new vulnerabilities. Additionally, almost a quarter of employees use AI tools that are unapproved or unmanaged by their employers.

CyberArk Labs further examines the impact of individual browsing histories in its research, noting that personal browsing data could be exploited by attackers to access an organisation's systems. This reinforces the importance of a comprehensive identity security framework to safeguard sensitive and privileged information.

Matt Cohen, CEO of CyberArk, emphasised the need for a strategic shift in security measures: "For far too long, the standard approach to workforce access security has been centered around basic controls like authentication via single sign-on. This ignores the reality of the modern worker and the changing nature of identity: the average employee can be a casual workforce user and, the next moment, a privileged account. These findings show that high-risk access is scattered throughout every job role and bad behaviours abound, creating serious security issues for organisations and highlighting the pressing need to reimagine workforce identity security by securing every user with the right level of privilege controls."

The Workforce Report, conducted by Censuswide, surveyed 14,003 employees across multiple countries, including the USA, UK, France, Germany, Australia, and Singapore, providing these insights into prevalent employee behaviours and data access patterns. The findings stress the urgent need for organisations to implement robust security measures to mitigate potential risks.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X