Maybe employees aren’t as loyal when it comes to their work passwords as we’d like to believe.
According to the SailPoint Market Pulse Survey, one in five employees would be willing to sell their workplace credentials for less than $1,000 — some would even settle for less than $100.
The survey showed that nearly 20 percent of employees would be willing to put their corporate passwords up for sale, with 44 percent saying all it would take is less than one thousand bucks.
SailPoint said its data from this year’s report hit on two very important, but very disconcerting, points: (1) Employees are aware of how sensitive their personal data is and expect it to be protected, but (2) they don’t take the same precautions when it comes to their employer’s data.
The results of the study show that weak security practices are leaving organizations exposed to significant risks.
In its survey of 1,000 respondents across six countries, nearly 65 percent of employees said they use a single password for numerous applications, and one in three admitted to sharing credentials with colleagues.
“If the most recent data breaches have shown us anything, it’s that no company is safe from attacks, and the method by which information is taken is slowly changing,” the study said. “The commonality across almost every breach is hackers are now targeting the weakest link in the security infrastructure: people.”
Cybersecurity experts have long warned about the risks posed by insider threats — usually posed by privileged users, such as system administrators, database administrators and managers, who have access to sensitive company information.
The “Insider Threat Report,” released last year, found that 59 percent of cybersecurity professionals said these privileged users represent the biggest risk to organizations, closely followed by contractors and consultants (48 percent) and then regular employees (46 percent).
Whether insider threats are implemented deliberately or happen inadvertently through the actions of those with access to valuable data, an organization may put itself more at risk by not having the appropriate systems in place.
Insufficient data protection strategies or solutions, an increasing amount of data leaving the network perimeter via mobile devices and Web access and a lack of employee awareness and training are found to be just some of the conditions for perpetuating insider threats, EnterpriseTech reported last year.