Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Survey Shows Extent Of Password Misuse

Lieberman Software : 19 October, 2011  (Technical Article)
Abuse of privileged login, password sharing and multi-password management cited as reasons for commercial hacking successes
Survey Shows Extent Of Password Misuse
Lieberman Software has announced the result of their Password 2011 survey which revealed that 48 percent of IT security professionals surveyed have worked for organisations whose network has been breached by a hacker. The survey paints a vivid picture of password chaos amongst IT staff and apathy about password security amongst their senior management.

* 51 percent of respondents had ten or more passwords to remember for use in their work
* 42 percent of those surveyed said that in their organisations IT staff are sharing passwords or access to systems or applications
* 26 percent  said that they were aware of an IT staff member abusing a privileged login to illicitly access sensitive information
* 48 percent of respondents work at companies that are still not changing their privileged passwords within 90 days – a violation of most major regulatory compliance mandates and one of the major reasons why hackers are still able to compromise the security of large organisations

The survey of more than 300 international IT professionals shows that a fundamental lack of IT security awareness in enterprises, particularly in the arena of password control and privileged logins, is potentially paving the way for a further wave of data breaches in 2011.

For many organisations these weaknesses are the backdoors by which hackers find their way into the enterprise’s most sensitive data. If almost 50% of all passwords remain unchanged, as this survey discovered, then fundamental and basic IT security practices are being ignored by staff and their senior management.

Privileged identities are accounts that hold elevated permission to access files, install and run programs, and change configuration settings. Their misuse is a major reason for data leakage.

Philip Lieberman, President and Chief Executive Officer of Lieberman Software said: “This survey shows that despite the huge number of frequent data breaches, over the past twelve months senior management in many organisations have not yet grasped the fundamentals of IT security. In fact they are actively paving the way for more and bigger disasters.”

He continued: “Password anarchy among the IT staff at major organisations is mirrored by password apathy at the top of the management hierarchy, where senior management seem almost criminally lax in the enforcement of IT security policies - to the detriment of their organisations”.

“These fundamentally careless practices and procedures revealed by the IT departments of the organisations we surveyed could cost them dearly in the coming months. We have consistently said that basic security includes locking down access to systems containing sensitive data to minimise the insider threat. However, only months after the Sony, RSA Security and Comodo hacks the situation within major organisations remains at risk,” Lieberman said.

“Senior management will have to pay far more attention to their basic security practices or be forced to apologise to their shareholders and customers for major data losses and subsequent damage to brand loyalty. The simple, unpalatable truth is that senior management generally is not policing their IT security departments enough to avoid further massive data breaches.”
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo