51 percent of respondents had ten or more passwords to remember for use in their work
42 percent of those surveyed said that in their organizations IT staff are sharing passwords or access to systems or applications
26 percent said that they were aware of an IT staff member abusing a privileged login to illicitly access sensitive information
48 percent of respondents work at companies that are still not changing their privileged passwords within 90 days – a violation of most major regulatory compliance mandates and one of the major reasons why hackers are still able to compromise the security of large organizations
Password Management and Data Breaches
The survey of more than 300 international IT professionals shows that a fundamental lack of IT security awareness in enterprises, particularly in the arena of password control and privileged logins, is potentially paving the way for a further wave of data breaches in 2011.
For many organizations these weaknesses are the backdoors by which hackers find their way into the enterprise’s most sensitive data. If almost 50% of all passwords remain unchanged, as this survey discovered, then fundamental and basic IT security practices are being ignored by staff and their senior management.
Privileged identities are accounts that hold elevated permission to access files, install and run programs, and change configuration settings. Their misuse is a major reason for data leakage.
Philip Lieberman, President and CEO of Lieberman Software said: “This survey shows that despite the huge number of frequent data breaches, over the past twelve months senior management in many organizations have not yet grasped the fundamentals of IT security. In fact they are actively paving the way for more and bigger disasters.”
He continued: “Password anarchy among the IT staff at major organizations is mirrored by password apathy at the top of the management hierarchy, where senior management seem almost criminally lax in the enforcement of IT security policies - to the detriment of their organizations”.
“These fundamentally careless practices and procedures revealed by the IT departments of the organizations we surveyed could cost them dearly in the coming months. We have consistently said that basic security includes locking down access to systems containing sensitive data to minimize the insider threat. However, only months after the Sony, RSA Security and Comodo hacks the situation within major organizations remains at risk,” Lieberman said.
“Management will have to pay far more attention to their basic security practices or be forced to apologize to their shareholders and customers for major data losses and subsequent damage to brand loyalty. The simple, unpalatable truth is that senior management generally is not policing their IT security departments enough to avoid further massive data breaches.”
The survey was conducted by Lieberman Software at HP Protect 2011 amongst more than 300 IT professionals. The full results can be found at www.liebsoft.com/Password_Security_Survey/.
About Lieberman Software Corporation
Lieberman Software provides privileged identity management and security management solutions to more than 1000 customers worldwide, including 40 percent of the US Fortune 50. By automatically discovering and managing privileged accounts everywhere on the network, Lieberman Software helps secure access to sensitive systems and data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. The company developed the first solution for the privileged identity management space, and its products continue to lead this market in features and functionality. Lieberman Software is headquartered in Los Angeles, CA with an office in Austin, TX and channel partners throughout the world. For more information, visit www.liebsoft.com.