
Endpoint

4/30/2013
03:54 PM
Dark Reading
Products and Releases

Employee Negligence Makes U.K. 'Sitting Duck' For Cybercrime

Swivel Secure survey reveals that almost a fifth of employees reuse the same username and password across every single online business and personal application

30 April 2013 – Wetherby, UK – Britain is a sitting duck for cybercrime because employees couldn't care less about the security of their workplace systems, suggests new research* announced today from tokenless authentication provider, Swivel Secure.

The study reveals that almost a fifth (19%) of employees care so little about online security that they reuse the same username and password (UNP) across every single online business and personal application which, for the majority of today's consumers, amounts to upwards of 25 different sites. Constant reuse of the same UNP greatly increases the chances of a fraudster, data thief, saboteur, friend or fellow employee obtaining and exploiting these details for criminal gain.

Contrary to popular belief, awareness of the dangers of cybercrime amongst workers doesn't seem to be the problem; over half (55%) of the 1,200 UK employees surveyed claim to actively track online security threats such as viruses, trojans and hackers. The real peril lies in what seems to be a widely held consensus amongst workers that cybercrime is 'something that happens to other businesses'. Despite this disparity between awareness and action, more than three quarters of all respondents (77%) remained completely unconcerned about workplace security, suggesting that only a direct and personal experience of cybercrime will trigger a change in attitude. Even those that are security conscious are failing to uphold basic rules; three quarters (75%) either write down or have another offline system for recording their passwords.

"This has been going on for long enough," comments Chris Russell, VP Engineering at Swivel Secure. "The cloud's over-reliance on the username and password format has caused workers to resign themselves to the risks, and made the UK economy a sitting duck for corporate cybercrime. The inconvenient truth is that workers are neither capable nor are they willing to maintain the complex, rolling system of passwords that today's web environment demands.

"Analysts tell us that global spending on cyber security will exceed $68bln this year, but it is nonsensical for a business to invest heavily in firewalls, encryption and all manner of other protective technologies if its workers are effectively lowering the drawbridge to anyone that can guess their Facebook password," continues Russell. "As our personal and professional worlds continue to collide online, businesses that are serious about protecting their data need to rethink their approach to user authentication and drop usernames and passwords for good."

Additional research announced earlier this year from Swivel Secure (UK Bosses Slacking on Hacking, Jan 2013) suggested that the UK's 'corporate culture of complacency' starts at the top and trickles down to influence the attitudes and behaviours of employees. "Action on this issue has to come from the top," adds Russell. "The business owners and decision makers must accept that UNPs are an outdated and unworkable form of authentication for today's online workforce. If they wait for the web to evolve around them, it will be too late. They need to take steps now to protect their data."

The Swivel authentication platform was first launched in 2003. It is now used by local government, the NHS, major global enterprises and smaller businesses in over 35 countries, to remotely access their business networks, virtual desktops and cloud-based applications. A strong alternative to UNPs, the Swivel authentication platform offers the widest range of user deployment options according to Gartner, including mobile apps, SMS and interactive voice response channels.

 
