CyberArk, the company that protects organisations from cyber attacks that have made their way inside the network perimeter, today announced survey results that reveal what employees would be most likely to do if they were able to anonymously access sensitive company data including salaries, vacation time and sensitive human resources information. The findings highlight the importance of controlling access to privileged credentials that can provide insiders and external cyber attackers with broad, unfettered access to a company’s most valuable assets.
What Would Employees Most Like To Access?
The research amongst 1,000 UK office workers in companies of 250+ employees found the most coveted information would be other colleagues’ salaries (26%), conversations about themselves (22%) and sensitive HR information (20%). If employees could change any information on their company systems without being caught, just over a third (31%) would treat themselves to a pay rise and nearly one in five (19%) would reward themselves with extra holiday days.
Matt Middleton-Leal, regional VP for the UK, Ireland and Northern Europe, CyberArk, said: “Security teams have long known that one of the most effective ways for attackers to access sensitive data is to masquerade as a legitimate insider – using existing privileged credentials to roam around a network and conduct reconnaissance virtually undetected. While this survey highlights the potential mischief that employees can get up to without proper access controls, it’s also an important reminder that insiders – or cyber attackers posing as insiders – pose one of the greatest security threats to organisations today.”
In good news for UK PLC, most employees surveyed were happy in their current job. However, very unhappy employees are 2x more likely to want to spy on company information than very happy employees (61% compared to 29%). After making sure they were being fairly rewarded (33%) and searching for office gossip (27%), disgruntled employees would want to expose unethical or corrupt business (20%) and show up dishonest or lazy people in the organisation (18%).
The main reason people don’t break into company computers is a belief that it wouldn’t be morally right (40%). However, just over a quarter of people (27%) said the repercussions of being caught is a turn-off, and one in five (21%) cited their lack of technical skills. This suggests that many employees would be tempted to access or manipulate company information if they knew they could get away with it.
What Employees Would Do If They Wouldn’t Get Caught
More than half (51%) of all respondents said they would be prepared to go one step further and break into other companies’ systems or online accounts – but only if they knew they wouldn’t get caught. The most popular responses had personal perks at their heart, such as getting free holidays (23%), adding funds to bank accounts (23%), receiving free online shopping (20%) and writing off loans (14%). Others had more political motives, such as stopping immoral companies from operating (14%), seeing secret government intelligence (11%) or changing the law (5%).
Middleton-Leal continued: “Cyber criminals are getting more aggressive with their attacks, which are escalating more quickly than ever before – as with the WannaCry ransomware attacks. With cyber skills advancing all the time and attackers hiding behind valid credentials to avoid being noticed and caught, companies have to be more alert than ever to monitor and stop unwanted insiders in their tracks and protect their most valuable information.”
CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including more than 45 percent of the Fortune 100 – to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan. To learn more about CyberArk, visit www.cyberark.com, read the CyberArk blog, or follow on Twitter via @CyberArk, LinkedIn or Facebook.
About the research
This research was conducted by Opinion Matters on behalf of CyberArk. 1008 office workers in companies of 250+ employees were surveyed between 2-9 May. Opinion Matters abide by and employ members of the Market Research Society which is based on the ESOMAR principles.