These alarming figures show far more employees have access to critical information than is necessary and demonstrate the need for UK businesses to limit how employees access sensitive data in order to better protect themselves and their customers.
Beware ghost employees
As seen with nearly every recent major cyber breach, from Uber to SingHealth, credential theft remains the most common and effective route to a successful cyber-attack. A lax approach to protecting high-value ‘privileged’ accounts directly elevates the risk of such an attack, or of a major data breach, if employees’ credentials are harvested. Managing privilege is therefore essential but, according to the study, many British businesses are failing to lock down these key accounts following changes in personnel. One in five (21%) office workers admitted leaving a job with login details for at least one confidential company system, such as its internal servers, financial performance data and HR databases. This potentially gives ‘ghost’ employees - former staff members with working login details and credentials - unauthorised access to sensitive company data outside of an organisation’s security purview.
These ‘ghost’ individuals pose a substantial threat, according to Rich Turner, VP EMEA at CyberArk: “Ghost employees are a major concern for any organisation – they not only elevate the risk of key company applications, tools and data being breached in the event of a cyber-attack, but also provide a potential route for disgruntled employees or rival businesses to manipulate existing data, causing serious administrative and financial damage.
“These findings are symptomatic of the misguided cyber spending habits of UK PLC. We continue to devote huge sums to perimeter defences when the smarter approach is to assume the inevitable – that attacks will get in – and ensure that their access to sensitive assets and data is contained.”
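The leaver problem described above is something a security team can check for routinely. The following is an added example, not code from CyberArk or the article: it reconciles an HR leavers export against a directory export, flags still-enabled logins that belong to departed staff (ranking privileged ones and any used after the leaving date first), and separately lists enabled accounts with no owner on record. All field names, group names and sample rows are constructed assumptions, not any vendor's schema.

```python
"""Flag 'ghost' accounts: enabled logins that belong to people who have left.

Constructed sample data stands in for an HR leavers export and a directory
export; the field and group names are assumptions, not any real schema.
"""
from datetime import date

# Constructed HR export: who left and when.
HR_LEAVERS = [
    {"employee_id": "E1001", "left_on": date(2018, 9, 30)},
    {"employee_id": "E1002", "left_on": date(2018, 10, 15)},
]

# Constructed directory export: one row per login.
DIRECTORY = [
    {"login": "a.smith", "employee_id": "E1001", "enabled": True,
     "groups": ["finance-db-admins"], "last_logon": date(2018, 11, 2)},
    {"login": "b.jones", "employee_id": "E1002", "enabled": False,
     "groups": ["hr-readers"], "last_logon": date(2018, 10, 10)},
    {"login": "c.ng", "employee_id": "E1003", "enabled": True,
     "groups": ["staff"], "last_logon": date(2018, 11, 20)},
    {"login": "svc-backup", "employee_id": None, "enabled": True,
     "groups": ["domain-admins"], "last_logon": date(2018, 11, 20)},
]

PRIVILEGED_GROUPS = {"domain-admins", "finance-db-admins"}  # assumed naming


def find_ghost_accounts(leavers, directory):
    """Return enabled logins whose owner has left, most urgent first."""
    left_on = {lv["employee_id"]: lv["left_on"] for lv in leavers}
    findings = []
    for acct in directory:
        owner = acct["employee_id"]
        if not acct["enabled"] or owner not in left_on:
            continue
        privileged = bool(PRIVILEGED_GROUPS & set(acct["groups"]))
        # A logon after the leaving date means the credential is still in use.
        used_after_exit = acct["last_logon"] > left_on[owner]
        findings.append({"login": acct["login"], "privileged": privileged,
                         "used_after_exit": used_after_exit})
    # Privileged accounts and those used after exit sort to the top.
    findings.sort(key=lambda f: (f["privileged"], f["used_after_exit"]),
                  reverse=True)
    return findings


def find_orphaned_accounts(directory):
    """Enabled logins with no owner on record, which no leaver process will disable."""
    return [a["login"] for a in directory
            if a["enabled"] and a["employee_id"] is None]
```

Run against real exports, each finding is a ticket to disable the account and review what it accessed after the leaving date.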
Being cyber-sensible, but risk remains
However, the study did reveal that employees are developing a more involved approach to cybersecurity, showing that cyber education is having a positive effect and that British businesses can look forward to a more secure future. Nearly four in five (79%) office workers would immediately admit to IT if they opened a malicious attachment, while three quarters (75%) would voice their concerns if they didn’t understand communications from IT about security. This more involved approach to security is increasing their faith in their IT teams, with nearly three in four (74%) confident that their security team is effectively protecting the wider organisation against threats.
However, this confidence contrasts with the behaviour of many existing employees, who are still exhibiting poor cyber practices. Large numbers are still failing to admit their cyber indiscipline to their security teams, according to CyberArk’s survey: it found that more than half (54%) don’t admit when they let colleagues use their login details, and 45% don’t inform their IT team when they download an unauthorised app onto their work device. Such behaviours are significantly increasing their employers’ risk exposure by leaving their IT systems and accounts vulnerable to the escalation of privileges during a subsequent attack.
Securing the future of the workplace
As well as assessing office workers’ current approach to cybersecurity, the study also explored how evolutions in workplace habits and technologies are changing the security landscape. Encouragingly, it revealed that many organisations are beginning to integrate cutting-edge new security technologies into their strategies, with nearly one in five (19%) office workers reporting that their IT security team is experimenting with biometric security techniques, including fingerprint and retinal scans and embedded microchips.
Nonetheless, despite firms demonstrating a willingness to experiment with new forms of authentication, securing innovative new platforms remains a challenge. Smart devices in particular present a great cause for concern, with 40% of employees reporting that their IT security team is failing to effectively secure IoT and BYOD devices, providing attackers with another privileged pathway to exploit. As these technologies become more and more prevalent, it’s vital that their access to company tools and applications is managed in the same way as any other device within a corporate network.
Summarising the findings, David Higgins, Director of Customer Development EMEA at CyberArk, commented: “Whether for new wearable devices or more established business development, HR or payroll systems, a lack of credentials management means UK organisations remain vulnerable to the seizure of critical company IP through credentials-based attacks. Forging a more secure digital future begins with adopting an effective privileged access management policy, which limits individuals’ ability to escalate privileges and subsequently reduces their access to sensitive systems – ultimately reducing the number of vectors attackers can seek to exploit.”