A new report from CyberArk, a global leader in identity security, reveals that everyday actions of employees, both deliberate and accidental, are exposing organizations to critical vulnerabilities. With the increasing adoption of hybrid work and the widespread use of artificial intelligence (AI) tools, the study highlights the urgent need to strengthen security controls around access to sensitive and privileged data.
Access to Critical Data: An Open Door to Invisible Risks
The research, which surveyed 14,003 employees across six countries (the United States, the United Kingdom, France, Germany, Australia, and Singapore), confirms that privileged access is no longer exclusive to IT administrators.
- 80% of employees access business applications from personal devices that lack adequate security controls.
- 40% regularly download sensitive customer data, while one-third have the ability to modify critical information and authorize significant financial transactions.
This combination of privileged access and inadequate practices turns every worker into a potential entry point for cybercriminals.
Concerning Habits: Shared Passwords and Ignored Policies
The report also highlights behaviors that exacerbate security risks:
- 49% reuse the same credentials across multiple work applications.
- 36% use the same passwords for both personal and professional accounts.
- 52% admit to sharing confidential information with individuals outside their company.
Additionally, 65% of employees ignore cybersecurity policies to simplify their daily work. Actions such as using personal devices as Wi-Fi hotspots or forwarding corporate emails to personal accounts are common, exposing critical data to external attacks.
AI: A Useful Tool and a Growing Risk
The rise of artificial intelligence tools in the workplace presents new challenges. According to the study, 72% of employees use AI tools, but 38% do not always follow the established guidelines to protect sensitive data.
This creates vulnerabilities when critical information is entered into these platforms, which could lead to accidental leaks or misuse.
Browsing History: A Silent Attack Vector
Complementing this, CyberArk Labs has identified another risk: employees’ personal browsing history. In their study “White FAANG: Devouring Your Personal Data”, the company demonstrates how cybercriminals can steal browsing data and use it as an attack vector against companies.
This scenario presents an additional challenge, as individual actions of employees can have significant repercussions on corporate security. Browsing data obtained from platforms like Apple and Meta provide attackers with detailed information that can be exploited.
A New Strategy: Protecting Identities and Controlling Privileges
In light of this landscape, CyberArk proposes adopting a dynamic identity security model that includes advanced privilege controls at every access point. This approach ensures that even the most basic user can be protected when acting as a privileged account.
Matt Cohen, CEO of CyberArk, emphasizes: “The modern employee can be a regular user one moment and become a privileged account the next. Companies must rethink how they protect identities in this new work context.”
The Future: Strengthening Cybersecurity by 2025
The report concludes that organizations must prioritize the adoption of comprehensive cybersecurity strategies, with an emphasis on:
- Dynamic access controls to protect sensitive data and privileges.
- Ongoing employee education and awareness to mitigate insecure behaviors.
- Advanced technologies capable of rapidly detecting and responding to threats.
In an environment where cyber risks are becoming increasingly sophisticated, companies must act swiftly to ensure the protection of their critical assets and maintain customer trust.
About CyberArk
CyberArk (NASDAQ: CYBR) is a global leader in identity security, focused on intelligent privilege controls. Its platform protects human and machine identities in hybrid environments, business applications, and the DevOps lifecycle. The world’s leading organizations rely on CyberArk to secure their most valuable assets.