Employees continue to engage in risky behavior despite the risks
In addition to practicing poor password hygiene, relying on password managers built into the web browser was another security faux pas highlighted by a recent survey.
Commissioned by access management vendor ThycoticCentrify, the survey noted that more than a third (35%) of the respondents admitted to relying on their web browser to store credentials on their personal and work devices.
“By cracking only one of those devices, an attacker can easily access all the passwords stored within the user’s browser. This makes it so much easier for an attacker to elevate privileges without being detected and gain access to the user’s email, company cloud applications, or even sensitive data,” pointed out Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify.
Carson argued that even if a personal device is compromised, the attacker can use the authentication information stored in its web browser to analyze the user’s password habits and create all possible combinations of a password using cracking tools to eventually gain access to their well-protected corporate applications and system.
The survey covered over 8000 knowledge workers from over a dozen countries, to get a handle on risky employee activities.
The research revealed that more than half (55%) of the respondents don’t mind connecting to a mobile hotspot even in a work-based scenario, while 32% have no qualms about connecting to public WiFi networks.
Furthermore, while 23% of the respondents have used personal devices inside their corporate network, 34% admitted to sending work documents to a personal computer.
Surprisingly an overwhelming majority (79%) chose to engage in risky behavior despite knowing the security implications of their actions.
“When faced with a choice between productivity and cyber security employees will take the easy path and this mostly means sacrificing security,” concludes the research suggesting that businesses must strike a balance between people and technology to properly protect themselves from cyber threats.