Centrify poll finds employees are the biggest threat to an org’s security

Torsten George, Cybersecurity Evangelist at Centrify.
5 years ago

Centrify has revealed the results of an onsite poll conducted at RSA Conference 2020, held last week in San Francisco. The survey asked conference attendees about their cyber hygiene habits at work to determine how much of a threat they posed to their organisation’s overall cybersecurity, ultimately revealing that employees themselves pose the largest threat.

Nearly 60% of respondents correctly identified employees as the largest threat to their organisation’s security, followed by hackers (23%) and third-party vendors/partners (18%).

Additional poll findings further validated why employees pose a cybersecurity threat in the first place:

  • 40% of respondents have tried to bypass a corporate security policy at work
  • Nearly 1 in 4 respondents (23%) use the same passwords for work and personal accounts, defying industry best practices
  • More than 1 in 5 respondents (21%) still store passwords on their phone, on their computer, or in printed documents, violating industry best practices

On a positive note, the poll also revealed that fewer than 15% of respondents reported having previously shared their work login credentials or used someone else’s login credentials at work.

The poll results illustrate that every employee has an important role to play when it comes to protecting their organisations from cybersecurity threats. Simple best practices to help reduce the risk of being compromised include:

  • Make Your Password as Strong as Possible: Passwords should contain a mixture of upper and lowercase letters, numbers, and special characters. Using a password manager will help create long, difficult passwords and manage them for you. In the case of a known data breach, change your password immediately. Passwords for privileged accounts should be rotated every time they are checked back into a password vault.
  • Implement MFA on All Accounts: Multi-factor authentication (MFA) requires users to confirm their identity with a factor beyond a username and password, adding an extra layer of security. Centrify also announced support for passwordless authentication using biometrics, such as Windows Hello and Apple’s Face ID and Touch ID.
  • Don’t Take the Phish Bait: It’s not always emails that are used to hook you; increasingly it’s text messages and other messaging platforms. The first step in stopping phishing attacks is training employees to recognise, avoid and report any suspicious emails or messages, and conducting periodic simulations of phishing attacks. Vigilance is still the best defence.

“81% of hacking-related breaches leverage stolen and/or weak passwords, according to Verizon’s Data Breach Investigations Report. All it takes is one employee using a weak password to open the doors,” said Torsten George, Cybersecurity Evangelist at Centrify. “That’s why every organisation should enforce frequent password changes and use single sign-on (SSO), and privileged credentials should be stored in a password vault.”
