According to a report by SailPoint, an Austin, Texas-based identity and security management company, one in five employees surveyed would sell their work passwords to hackers, up from one in seven last year. Of the 20 percent who would sell their passwords, 44 percent would do it for less than $1,000. Some were willing to sell company credentials for less than $100.
"This year, even among a larger concern for their personal information's security, the percentage of those willing to risk corporate data either through apathy, negligence or financial gain only increased," the report found.
The 2016 SailPoint Market Pulse Survey was conducted by Vanson Bourne, an independent research firm. Vanson interviewed employees at private companies in IT, construction, finance, healthcare, oil and gas, and consumer services across Australia, France, Germany, the Netherlands, the United Kingdom, and the United States.
The study also found that 65 percent of respondents admitted to using a single password across multiple applications and one-third of respondents share passwords with co-workers. It found that 26 percent of current employees are uploading sensitive information into cloud-based applications with the intent to share that data with people outside the company. Almost half of respondents, 40 percent, said they have access to a "variety" of corporate accounts from prior jobs.
To put this all in perspective, the average size of the companies whose employees were surveyed is about 50,000 employees. The report finds that 10,000 employees at a company of this size would sell their password and 4,400 would sell passwords for less than $1,000. As for poor security practices, 32,500 employees at large corporations use the same passwords for multiple accounts and almost 17,000 share passwords with co-workers.
Your employees are also buying cloud-based software to get work done without your IT department knowing about it. The survey finds that 33 percent of employees are buying cloud-based apps and 70 percent of those employees upload company data and information into the apps. About 50 percent of employees are not telling your IT department about these purchases because "it is faster without IT," the report says. This poses a risk to your company because hackers can use any entry point, including third-party applications, as a door into your network or as a way to steal information and pose as employees to get even more information. Think about how the Target hack happened: criminals were able to get into the network and download malware onto Target's payment systems through the HVAC vendor. Any company or application that works with your company can be manipulated by criminals to gain access to your data.
"One would think that as more breaches touched more people individually, they would be more vigilant about security processes. But, in a stark contrast, it seems that while they expect their personal information's safety, when functioning as employees, these same users are practicing security incredibly ineffectively, leaving themselves and their employers exposed," the report says.