A new survey by CyberArk has found that 60% of Australian employees admit to bypassing workplace cybersecurity policies for convenience, potentially exposing organisations to heightened security risks.
The findings underline ongoing challenges for businesses adapting to modern hybrid work models.
The CyberArk 2024 Employee Risk Survey revealed that Australian workers, while somewhat more compliant than their global counterparts, frequently engage in behaviours that could compromise security.
For instance, 33% of respondents acknowledged using the same credentials for both personal and workplace accounts, increasing the likelihood of cyber incidents.
Another concerning finding is the reluctance of employees to promptly install security updates on personal or Bring Your Own Device (BYOD) systems. These delays in patching vulnerabilities could expose businesses to additional risks, particularly as remote and hybrid work environments grow more common.
CyberArk Labs, in its “White FAANG: Devouring Your Personal Data” report, highlighted how personal online activity can be leveraged by attackers to target organisations. This underscores the importance of addressing identity security vulnerabilities in workplace systems.
Thomas Fikentscher, CyberArk's area vice president for Australia and New Zealand, said the increasing use of cloud technologies by organisations has heightened vulnerabilities.
“Multi-factor authentication does not offer sufficient protections against fraudulent activity, and organisations should be taking active steps to reimagine their workforce identity security,” he said, as reported by IT Brief.
The survey also found that 80% of employees access workplace systems using personal devices, many of which lack robust security measures.
Additionally, a significant portion of non-IT employees hold elevated access privileges, with 40% of respondents downloading sensitive customer data and 33% authorised to make large financial approvals.
Password management practices add to these risks. Nearly half of Australian workers reuse credentials across multiple work systems, and 41% admitted to sharing workplace-confidential data externally.
The growing use of artificial intelligence (AI) tools in workplaces presents another set of challenges.
The survey revealed that 66% of employees use AI tools for work-related tasks, and some input sensitive data into systems not approved by their employers. Moreover, 24% acknowledged using AI tools that their organisations neither monitor nor manage.
CyberArk Labs warned that personal browsing habits could also be exploited by attackers, posing indirect threats to organisations.
Matt Cohen, CEO of CyberArk, called for a shift in how businesses approach security.
“These findings show that high-risk access is scattered throughout every job role and bad behaviours abound, creating serious security issues for organisations and highlighting the pressing need to reimagine workforce identity security by securing every user with the right level of privilege controls,” he said, as reported by IT Brief.
