Survey: Biggest Security Leak May Be Your Own Employees
Any organization faces a number of security threats. A firewall that doesn't react swiftly enough, antivirus systems that are a bit out of date, and a host of other weaknesses all play a role. What organizations seldom consider is the impact that their own employees can have on security, and the new SailPoint Market Pulse survey suggests that employees may be a bigger problem than some might expect.
Perhaps the most immediately distressing point in the SailPoint survey is that 26 percent of employees admitted directly to uploading sensitive information to cloud apps specifically for the purpose of sharing that data outside the company. What's more, employees are more than ready to sell passwords and authentication data to outsiders, and for shockingly low dollar figures. Of those who would sell, 44 percent would charge less than $1,000 to do it, and that's up from one in seven. Over 40 percent of respondents noted that they still had access to several corporate accounts after leaving a previous job.
More passive problems also plagued businesses; password hygiene was an issue for 65 percent of respondents, including using the same password across several applications. A third also reported sharing passwords with co-workers. One in three employees even went so far as to buy a software-as-a-service (SaaS) application without IT consent or approval, making for a potential disaster.
“Today’s identity governance solutions can alleviate the challenge of remembering several passwords and automate IT controls and security policies, but it’s imperative that employees understand the implications of how they adhere to those policies,” said SailPoint founder and President Kevin Cunningham. “It only takes one entry point out of hundreds of millions in a single enterprise for a hacker to gain access and cause a lot of damage.”
Cunningham raises an important point here; with current identity governance systems, why are we still hearing about employees using just one password? Is it that the employees are lax in security, or that many companies don't have these governance systems in place? What's more, why are we hearing about employees willing to sell passwords for a comparative pittance? One point is that said passwords aren't appropriately valued, but is employee compensation also playing a role here? We know wages have been stagnant for some time; does a password simply look like a way to make a quick buck to an employee having trouble making ends meet? Further, why are employees buying software themselves anyway? Are these tools not already available, or are they of poor quality, perhaps as part of cost-saving measures?
There are plenty of questions that this study should be inspiring, including how better to provide for security, and how better to remove some of the common problems that may be hampering the best in security provision. We all need better security, especially for our computer-based systems, but when security gets in the way, a lot of these measures can't take hold as they need to.