Many people have developed a psychological picture of what a cyber-attack consists of. There’s a tendency to assume a complex, thrilling attack is executed by highly-technical individuals who have penetrated a network to access ironclad sensitive data. The reality, however, is much different.
It’s frightening to think: these days, cyber criminals simply need to compromise an unpatched system or steal credentials from a user, either via social engineering or by simply grabbing the password sticky off a user’s monitor. In most cases, these are not tech-savvy individuals; rather, the pool is full of opportunists who would otherwise make great business people. And, what is one of the most common opportunities used to exploit a network? A complete lack of password management.
Password123 - Still? Sad But True
In this day and age, with all our technology advancements, how can password management remain a top security vulnerability? In the recent Psychology of Passwords report from security firm LastPass, 91% of respondents acknowledged that using the same password for multiple accounts is not secure. However, knowing and doing are different things—nearly two-thirds of those surveyed also admitted to doing so, and almost 80% of them use the same passwords for multiple accounts until they are forced to change them. So then the solution to this password vulnerability problem is simply stronger policies, right?
Who’s Managing Your Company’s Passwords?
With employees and execs in agreement that weak password management needlessly puts companies at risk, it seems logical that company-wide password management should be a top priority. Yet another survey from LastPass and Ovum revealed that over half the IT execs surveyed leave password management to employees—the same employees that admit to using the same password for multiple applications and for as long as possible without changing it. And three-quarters of the IT executive respondents conceded that they have no control over the cloud-based applications used by their staff. Something has got to change.
Someone to Watch Over Things
Whether companies are too overwhelmed with other tasks or simply don’t have the technical capacity to enforce strong password behavior, the best option is often to partner with a trusted and experienced third party to improve security. With continuous monitoring solutions, an effective security service can ensure the security of your environment and help rid your company of sticky note password management and other vulnerabilities.