Ivanti on Tuesday reported that despite a stunning 97% of security pros saying that their organization is now “as prepared” or “more prepared” to defend against cybersecurity attacks than they were a year ago, 1 in 5 “wouldn’t bet a chocolate bar” they could prevent a damaging breach.
The report also found that while roughly half of respondents say they are “very prepared” to meet the growing threat landscape, expected safeguards such as deprovisioning credentials are ignored one-third of the time, and nearly half say they suspect a former employee or contractor still has active access to company systems and files.
The report also revealed that leaders engage in dangerous behavior and are four times more likely to be victims of phishing compared with office workers. Some other findings:
- More than 1 in 3 leaders have clicked on a phishing link.
- Nearly 1 in 4 use easy-to-remember birthdays as part of their password.
- They are much more likely to hang on to passwords for years.
- And, they are five times more likely to share their password with people outside the company.
Cybersecurity professionals are inundated with a constant barrage of cyberattacks, while simultaneously faced with budgetary constraints, limited staffing, and in many cases, minimal training, said Darren Guccione, co-founder and CEO at Keeper Security. Guccione said cybersecurity can feel overwhelming, so it makes sense that this report finds IT professionals make many of the same mistakes as those outside of their industry.
“To avoid the trap of lazy password practices, it’s critical that both individuals and organizations utilize a password manager to generate strong, unique passwords for every account and store them in an encrypted vault that’s protected with a strong master password and multi-factor authentication,” said Guccione. “In a corporate environment, password managers not only enhance security, but also optimize productivity. IT administrators can easily control user password practices and enforce policies. Meanwhile, help desk personnel aren’t bogged down with password-reset tickets, and employees aren’t stuck in holding patterns due to lost or forgotten credentials.”
Jesh Sax, technical account manager at Tanium, said despite best efforts at implementing precautions, tools, and trainings, bad actors are just waiting for that one wrong click or compromised password to get reused. Sax said the fast pace of business means that mistakes happen, even with security leaders. More important than who clicked on a phish is knowing that the organization can respond.
Sax added that the Ivanti research definitely reflects the pressure all security teams are under today. With global unrest, financial volatility, and a public health crisis, Sax said people are bound to try and simplify their lives.
“With all this pressure, even people who know better end up reusing passwords or not vetting emails before clicking on a link,” said Sax. “This is why having visibility into your estate and being able to respond quickly to an attack is vital in today's landscape.”