And 65 percent of companies expect to suffer a breach due to compromised credentials in the future, a recent survey found.
A recent survey of more than 300 professionals worldwide found that 22 percent of respondents whose company had experienced a data breach said the breach was due to compromised credentials.
The survey, conducted by the Cloud Security Alliance and sponsored by Centrify, also found that 65 percent of respondents said the likelihood that their company would experience a breach in the future due to compromised credentials was medium to high.
“We hope that these findings will encourage organizations to leverage single sign-on, multi-factor authentication, mobile and Mac management, along with privileged access security and session monitoring, in order to minimize attack surfaces, thwart in-progress attacks and achieve continuous compliance,” Centrify chief product officer Bill Mann said in a statement.
Separately, a Lieberman Software survey of almost 200 attendees at the RSA Conference 2016 last month found that 55 percent of IT professionals require their users to change their passwords more frequently than they change their own admin credentials.
Ten percent of IT professionals never change their administrative passwords at all, and 74 percent change them only on a monthly or less frequent basis.
“Administrative passwords are the most powerful credentials in an organization – the keys to the IT kingdom,” Lieberman Software president and CEO Philip Lieberman said in a statement. “The fact that 10 percent of IT professionals admitted that they never change these credentials is astounding. It’s almost like an open invitation to hackers to come in and stay a while. In the meantime, the intruders are nosing their way around the network.”
Thirty-six percent of IT professionals said passwords are shared among their IT staff, and 15 percent said that if they left their current companies, they would still be able to gain remote access with their admin credentials.
“Given that insider threats are one of the biggest concerns for CISOs, knowing that more than a third of IT professionals share privileged passwords is ludicrous,” Lieberman added. “The same can be said about so many ex-employees who can still access administrative credentials.”
A separate SecureAuth survey, conducted in conjunction with Wakefield Research, found that 35 percent of Americans write passwords down to help remember them.
When asked what’s most annoying about passwords, the leading responses were keeping up with different password requirements across accounts (29 percent), meeting complex password requirements (18 percent), needing to change passwords regularly (15 percent), and getting locked out after too many incorrect attempts (12 percent).
“From email to social media to your online bank account, just about every online identity requires a password,” SecureAuth CEO Craig Lund said in a statement. “In this high-tech age, passwords are a way of life. Many, however, are making some low-tech choices — as evidenced by the 35 percent of individuals who write down passwords.”
“Cyber attacks cost millions of dollars a year, hurt individuals and lead to long, drawn-out lawsuits,” Lund added. “Just ask the FBI, Target or IRS.”