02:50 PM
Dark Reading
Dark Reading
Products and Releases

Survey: Employees would sell password for $1000

SailPoint released a survey today that reveals that 1 in 5 employees would sell their work passwords to a third-party organization, as compared to 1 in 7 last year. Of those who would sell their passwords, 44% would do it for less than $1000, and some for less than $100. Compounding this is the fact that 65% use a single password among applications and 32% share passwords with co-workers.

The data comes from a survey of 1,000 office workers at large organizations (averaging 50,000 employees) globally. This year’s survey results show a measurable disconnect between employees’ growing concern over the security of their personal information and the negligence over their data security practices in the workplace. Other interesting findings:

·         More than 2 in 5 employees still have corporate account access after they leave their job

  • 26% uploaded sensitive info to cloud apps with the specific intent to share data outside the company
  • 1 in 3 employees purchased a SaaS app without IT’s knowledge, a 55% increase from last year

This is the 8th year SailPoint conducted this survey, which is designed to measure how employees view their individual role in their companies’ security processes, and what (if any) improvements are being made by organizations to adapt to the new business realities where cyber security perimeters no longer exist.

You can find the release here, and see the full report attached. If you have any questions, please let me know!

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Pat Osborne, Principal - Executive Consultant at Outhaul Consulting, LLC, & Cybersecurity Advisor for the Security Innovation Center,  3/12/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.