Study: Security pros still grappling with lax password policies

Share this article:
Court rules that Google’s data collection practices are not exempt from federal wiretap law.
Court rules that Google’s data collection practices are not exempt from federal wiretap law.

Passwords and cloud security are still causing headaches for IT security professionals, with 13 percent of respondents to Lieberman Software's "2014 Information Security Survey" saying that they can still access systems at a previous place of employment by using old credentials.

Disturbingly, in some cases, the report found, they can even access the systems of two or more employers.

Surveying in person close to 280 IT security professionals — more than 55 percent of whom worked in organizations with 1,000 or more employees — at the RSA Conference 2014 in San Francisco, Lieberman Software also found that nearly 20 percent either do not have, or don't know if their organizations have, a policy for cutting off access to employees and contractors when they leave the company.

Quite a few respondents — nearly one in four — say their organizations don't change their service and process account passwords within 90 days, which is recommended by most mandatory regulations.

Referring to privileged accounts as “the keys to the IT kingdom,” Philip Lieberman, CEO of Lieberman Software, told SCMagazine.com in a Wednesday email correspondence that “it's astonishingly common” in corporate and government networks for the administrator passwords of these “'god' accounts to be shared across multiple systems, remain unchanged for extended periods of time, and be used without any access control or audit records – bad policies all.”

Those security professionals surveyed also indicated some wariness of the cloud, with 80 percent saying they'd choose instead to keep the most sensitive information on their own networks. And, almost three-quarters contend that the cloud applications downloaded by users create security challenges.

The survey notes that by not controlling privileged user access, a persistent problem in many organizations, and failing to adequately secure passwords, organizations are leaving themselves open to attack.

“The high frequency of data breaches can be expected to continue - if not grow,” the Lieberman Software noted in its analysis of the survey results.

Page 1 of 2
Share this article:

Sign up to our newsletters

More in News

Goodwill investigates compromise of credit, debit card info

Credit card and debit card data may have been compromised at several Goodwill locations around the country.

Vice.com hacked, possibly The Wall Street Journal website too

Vice.com hacked, possibly The Wall Street Journal website ...

A reported Russian hacker group known as W0rm tweeted on Monday that it had hacked Vice.com and The Wall Street Journal website.

EFF intros wireless router software to boost industry standard

EFF intros wireless router software to boost industry ...

This weekend, the digital rights group released a "hacker alpha" version of its Open Wireless Router software.