Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

Passwords are the Root of all Evil in the Enterprise

Employee Password Security Awareness

According to data coming from Lieberman Software, passwords are still a problem in the enterprise, including apathy from senior management, and password related chaos from IT staff.

Employee Password Security Awareness

According to data coming from Lieberman Software, passwords are still a problem in the enterprise, including apathy from senior management, and password related chaos from IT staff.

Lieberman’s data reveals a fundamental lack of IT security awareness in enterprises, particularly in the arena of password control and privileged logins. For example, 42-percent of the 300 IT professionals surveyed said that their organization share passwords and 51-percent said they needed to remember ten or more passwords for work alone.

IT Password SharingMoreover, 50-percent of the passwords in use remain unchanged, despite password rotation being a basic security practice. This is in addition to the respondents admitting that they were aware of some users abusing shared privileges, in order to access information they shouldn’t.

“Password anarchy among the IT staff at major organizations is mirrored by password apathy at the top of the management hierarchy, where senior management seem almost criminally lax in the enforcement of IT security policies – to the detriment of their organizations,” commented Philip Lieberman, President and CEO of Lieberman Software.

“Management will have to pay far more attention to their basic security practices or be forced to apologize to their shareholders and customers for major data losses and subsequent damage to brand loyalty. The simple, unpalatable truth is that senior management generally is not policing their IT security departments enough to avoid further massive data breaches.”

The full report is available here.

Related: Survey Reveals How Stupid People are With Their Passwords

Advertisement. Scroll to continue reading.
Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture

Funding/M&A

Identity and access governance vendor Saviynt has closed a $205 million financing round.

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

ICS/OT

Security orchestration, automation and response (SOAR) provider Swimlane on Monday announced the launch of a security automation solution ecosystem for operational technology (OT) environments.

Identity & Access

The National Security Agency (NSA) has published a series of recommendations on how to properly configure IP Security (IPsec) Virtual Private Networks (VPNs).