Nearly eight in every ten respondents to a ThycoticCentrify poll of employees admit to one or more activities in the past year that could compromise their company’s cybersecurity.
According to Kali Linette, blogging for the privileged access management (PAM) software vendor, workers are also continuing to engage in risky behaviours despite knowing the dangers,
“More than a third (35%) have saved passwords in their browser in the last year, a similar number (32%) have used one password to access multiple sites, and around one in four (23%) have connected a personal device to the corporate network,” Linette writes.
More than nine in every ten understand that actions such as clicking on links from unknown sources or sharing credentials with colleagues are risky. However, only around one in six respondents think their organisation is likely to be attacked.
Linette reported Joseph Carson, chief security scientist and advisory chief information security officer (CISO) at ThycoticCentrify, as saying that messages around best practice aren’t getting through to everyone.
“We’d urge employers to redouble efforts to encourage the best possible digital security practices in staff and remind them of the risks of failing to secure networks,” he was quoted as saying.
“A ransomware attack or major breach has major consequences which can last for years, so every organisation needs to establish security processes and work to ensure they resonate with employees.”
The online survey attracted some 8000 responses worldwide, according to Linette.
Ransomware attacks have been widely reported as increasing in number and severity through 2020-2021.
In the ThycoticCentrify survey, only about four in every ten staffers received cybersecurity training in the previous year, with smaller organisations least likely to have done this — despite the rise in remote working, expected to continue.
Yet nearly eight in ten respondents also said they had themselves seen more fraudulent and phishing messages during the previous year, and more than that agreed they had a “personal responsibility” around keeping their organisation safe.
ThycoticCentrify’s PAM software for the enterprise includes Thycotic Secret Server and other offerings related to the policies of ‘least privilege’ around account management, targeting sectors such as financial services.
Read more about the key principles of PAM.