Insider Risk

Bad Password Management Puts Organizations at Risk

By Veriato Team

Ponemon’s 2019 State of Password and Authentication Security Behaviors Report highlights how inappropriate use of privileged password can give insiders the access they need.

Ultimately, the malicious insider needs one thing to perform an act that hurts the organization – access.  Generally, organizations concerned with insider threats need to only worry about the owners of user accounts with access to applications, and systems interacting with critical, sensitive, protected, or, otherwise valuable data.

But, according to Ponemon’s latest report (which includes responses from over 1,700 IT security practitioners) those with the highest levels of privileged access are using password and account practices that make insider threat activity more probable and negatively impactful.

Some of the eye-opening stats around privileged password use include:

  • 69 percent of IT pros admit to sharing passwords with their colleagues in the workplace to access accounts
  • 51% percent reuse an average of five passwords across their business and/or personal accounts
  • 55% percent of organizations do not use any form of two-factor authentication (2FA)

This is downright frightening; think about it – if IT pros are sharing passwords, not only can other users malicious act under the context of another user, but the opportunity exists to hijack more than just the one account shared (because of the password reuse). And, with no use 2FA, misuse of credentials is as simple as knowing the password. All this comes from the very same report in which 66% of organizations state that it is very important to protect passwords.

Organizations concerned about account sharing and misuse should look to employ a layered strategy that protects the use of privileged accounts. It includes the use of a privileged account password vault (to establish who can use which privileged accounts, limiting the ability to password share) and solutions providing Insider Threat Intelligence to monitor for inappropriate logons and unusual or threatening user activity.

The obvious misuse of privileged accounts (whether malicious or not) puts the organization at risk.  And without proper controls and monitoring, you’ll have no visibility into whether insider activity is taking place.  Consider putting measures in place to ensure privileged accounts are only used by their intended users, and for their intended purpose.

How to Rebrand
“Bossware”at Your
Company

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida. Risus

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Employee Monitoring Resources

The Myths and Truths of Employee Monitoring

The Myths and Truths of Employee Monitoring

Early in the pandemic, searches related to “how to monitor employees working from home” increased by 1,705%. Without the oversight of managers in an office setting, many companies are concerned that their employees are less productive, and that there is an increase...

When To be Suspicious About Work-From-Home Employees (or Not)

When To be Suspicious About Work-From-Home Employees (or Not)

Perhaps someone doesn’t answer a Slack message as quickly as they should, or they have long hours blocked on their calendar. Maybe someone doesn’t seem motivated during team meetings or they are slow to complete work. While research has shown that overall,...

Avoid These Employee Monitoring Blunders

Avoid These Employee Monitoring Blunders

In September 2021, 45% of full-time employees were still working remotely, and the trend is hard to reverse. People like the freedom of working from home. Without a commute, they save time. Without a boss looming in the background, they can multi-task at home. And,...