gave CyberArk 2024 Employee Risk Surveywhich polled 14,003 workers in the US, UK, France, Germany, Australia and Singapore in October 2024, revealed that Australian employees are generally more compliant with cyber security policies than those in other countries.
However, most are still neglecting cyber policies to make their lives easier. CyberArk found common solutions among Australian employees, including using one password across multiple accounts, using personal devices as Wi-Fi hotspots, and forwarding corporate emails to personal accounts.
See: Australian employees choose convenience, speed over cyber security
In the report, CyberArk CEO Matt Cohen said the overall findings show that “high-risk access is scattered across every job role,” potentially Sensitive organizational data at high risk.
Australian employees access sensitive data from personal devices.
CyberArk’s report found that the majority of Australian employees (80%) access workplace applications – often containing business-critical data – from personal devices that often have inadequate security controls. There are not. This rate of personal device usage is significantly higher than the global average of 60%.
Marketing departments were found to be the most likely (94%) to use personal devices to access work applications, followed by IT teams (93%). Worryingly, more than half (52%) of entry-level employees were already there. Access critical data with the workplace tools they use..
Australians are the slowest to update their personal device security.
Australian employees were found to be the slowest globally for vendors to release firmware updates or security patches to their personal or BYOD devices.
Globally, one-third (36%) of employees surveyed said they do not promptly install security patches or software updates for all of their personal devices. In addition, 26% Disagree that they always use a VPN when accessing work resources.Increased risk of cyber attacks.
Access to operations valuable to attackers at a wide range of employees
The report found that widespread privileged access to systems allowed many different employees to perform actions that Their accounts are considered extremely valuable to attackers.:
- 40 percent of global respondents indicated that they routinely download customer data.
- 33% are able to change important or sensitive data.
- 30% can approve large financial transactions.
Australian employees are struggling with password reuse practices.
Password reuse was also universally common. The report states that 49 percent of the surveyed employees used Same login credentials for multiple work related applications. In Australia, 33% of employees chose to use the same login credentials for both personal and workplace applications and services.
Globally, 41% of employees surveyed said they have shared confidential workplace-specific information with outside parties, which CyberArk said could lead to security leaks and breaches. The risk has increased.
See: Adoption of Passkey has been slow in Australia.
Productivity is being prioritized over cybersecurity policies around the world.
Globally, employees are also ignoring cybersecurity policies to avoid friction. Among global respondents to CyberArk’s survey:
- 20% were using personal devices as Wi-Fi hotspots.
- 18% avoid installing updates because it takes too long.
- 18% regularly use personal devices rather than company-issued devices.
- 17% forward corporate emails to personal email accounts.
Some Australian employees never follow the guidelines for using AI tools
More than 66 percent of Australian employees were found to be using AI tools. However, CyberArk Warning AI tools may introduce new vulnerabilities.Such as when an employee puts sensitive data into them.
This behavior appears to be common among Australian employees: around 25% admitted that they occasionally use AI tools that are unapproved or unregulated by the organization.
See: Splunk urges Australian organizations to secure LLMs
Additionally, more than a third (33%) of Australian employees say they either “only sometimes” or “never” follow guidelines for handling sensitive information in their use of AI tools.
IT and security experts advise employees to guide them towards better practices.
ANZ’s area vice president of CyberArk, Thomas Feincher, noted that post-authentication breaches Expect to become even more common over time. As Australian organizations continue to migrate workflows to the cloud. Organizations should not rely on MFA alone to protect against fraudulent activities, he said.
The CyberArk report also recommends that organizations reduce risky employee behaviors by adopting solutions that empower the workforce rather than slow it down. With the use of AI increasing rapidly, CyberArk said security teams need to recognize that it is here to stay. The use of AI should be considered when modernizing security controls for the future..