Survey: Ping Identity Finds Employee Behaviors Can Be Big Contributors To Security Risks

A recent survey of 1,000 employees at large U.S. enterprise organizations finds that employee inattentiveness, laziness and possible malicious intent add up to constitute a real cyber security concerns.  The research was commissioned by security vendor Ping Identity.

Tags: access management, credentials, cybersecurity, mobile, passwords, Ping, security, threats,

A recent survey of 1,000 employees at large U.S. enterprise organizations finds that employee inattentiveness, laziness and possible malicious intent add up to constitute a real cyber security concerns.  The research was commissioned by security vendor Ping Identity.

 

The Ping Identity 2015 Online Identity Study provides hard numbers that show employee-related challenges that enterprises face in this era where anywhere access to corporate apps and data (from web, mobile, tablets and wearable devices) are a hallmark of digital transformation.

 

 

The line between personal and professional use of apps and devices continues to blur:

  • Even though 78 percent believe that it’s risky to share passwords with family members, 37 percent are likely to do so. The majority of respondents (54 percent) also admit to sharing their login information with family members so they can access their computers, smartphones and tablets.
  • Half of respondents admit that they are likely to reuse passwords for work-related accounts. Nearly two-thirds (62 percent) are likely to reuse passwords for personal accounts.

 

Employees claim to prioritize online security, and yet don’t always take accountability for their actions:

  • 58 percent of respondents believe that protecting work-related information is very important -- even more so than their personal emails and home addresses.
  • 59 percent believe IT is ultimately accountable in the event of a corporate data breach. C-level executives are the next to be held accountable, at 17 percent.
  • Only one in 10 employees (11 percent) believe they can be held accountable for a breach.

 

Malicious intent by employees may not be so rare:

  • About 20% (one in five) respondents admit they would sell unfettered access to their entire personal life -- if the price were right. Pricetag suggestions included a car or a year’s worth of mortgage payment or a student loan reimbursement.
  •  One-in-seven say they would make such a sale of passwords and privileges they use to access corporate files and servers – cold comfort to corporate security admins.

 

Taking all these findings together, Ping’s CEO Andre Durand suggests enterprise employees are not connecting-the-dots between security best practices and their behaviors at work or in their personal lives. He summarized the findings this way:  

 

Employees are doing some things really well to keep data secure, like creating unique and difficult-to-guess passwords, but are then reusing passwords across personal and work accounts or sharing them with family or colleagues.

 

No matter how good employees’ intentions are, this behavior poses a real security threat. IT continues to shoulder the burden of enabling mobility in a secure manner and educating employees on safe online behavior, but those efforts are falling short, too.

 

This is a defining moment for CISOs and CEOs, and tackling these pervasive disconnects will require both to come together to rethink how they ensure that the right people have access to the right data from any device, no matter where they are.

 

More details on the Ping Identity 2015 Online Identity Study are available in an infographic.




back