Access to workplace applications need to be managed and secured

83% of respondents from Asia Pacific in a CyberArk survey indicated that they access workplace applications from personal devices that frequently lack adequate security controls.

No matter how much technology is used to improve cybersecurity, humans remain the weakest link in any organization. This was pretty much the summary of CyberArk’s 2024 Employee Risk Survey which highlighted the need to shift to a model where workforce access is not just managed but secured.

Part of the reason why more organizations are insisting their employees return to office to work is due to their weakness in ensuring they are working in a secure environment or practicing cybersecurity hygiene. Ensuring secured access to data and workloads is critical especially with the report highlighting prevalent employee behaviours and data access patterns.

The report which is based on a survey of 14,003 employees working in all major types of job roles and vertical industries across the USA, UK, France, Germany, Australia and Singapore, shows that security teams must rethink how identity security controls are applied to the modern workforce.

Taking a deeper look into the report in Asia Pacific, 83% of respondents surveyed in this region indicated that they access workplace applications from personal devices that frequently lack adequate security controls. 40% of Asia Pacific respondents also indicated they habitually download customer data, while 40% are able to alter critical or sensitive data and 25% state they can approve large financial transactions. This clearly shows that their access is not properly managed and could result in serious consequences if compromised.

A more concerning finding is that 49% of Asia Pacific employees surveyed use the same login credentials for multiple work-related applications. 40% use the same credentials for both personal and work applications and 53% of those surveyed have shared workplace-specific confidential information with outside parties. These practices significantly heighten the risk of security leaks and breaches.

62% of Asia Pacific employees are also bypassing cybersecurity policies to make their lives easier. Common workarounds include using one password across multiple accounts, using personal devices as WiFi hotspots and forwarding corporate emails to personal accounts.

As expected, over 70% of Asia Pacific employees are using AI tools, which can introduce new vulnerabilities. 33% of Asia Pacific employees either ‘only sometimes’ or ‘never’ adhere to guidelines on handling sensitive information in their use of AI tools.

For Lim Teck Wee, Area Vice President, ASEAN at CyberArk, human errors, such as weak passwords, accidental sharing of sensitive data, or bypassing cybersecurity policies, remain a leading cause of security incidents today.

“ Building a culture of security awareness and providing continuous training to educate employees on the consequences of their dangerous behavior is key. It is also critical for businesses across the region to embed identity security at every layer to protect sensitive data, preserve trust, and ensure resilience against ever-growing cyber threats ," said Lim.

Apart from the survey, research from CyberArk labs also reveal how individual browsing and internet history of individual employees can present cyber issues for their employers, as well as to personal lives.

“For far too long, the standard approach to workforce access security has been centered around basic controls like authentication via single sign on. This ignores the reality of the modern worker and the changing nature of identity: the average employee can be a casual workforce user and, the next moment, a privileged account,” said Matt Cohen, CEO at CyberArk.

Cohen said these findings show that high-risk access is scattered throughout every job role and bad behaviors abound, creating serious security issues for organizations and highlighting the pressing need to reimagine workforce identity security by securing every user with the right level of privilege controls.