Nearly 80pc of UK Security Professionals confess Stealing Corporate Information is Easy

One Identity study reveals lax password practices still plaguing UK enterprise

According to a recent study by One Identity, 79 percent of UK information security professionals said that taking sensitive information from their organisations would be easy to do. Of those, 11 percent confessed that they would take information if they were angry enough. This is despite the array of data protection regulations in place to prevent this kind of insider threat.

The research also suggests that 60 percent of UK organisations share passwords for privileged accounts, the most valuable of all accounts on a corporate network, and 30 percent admitted to managing these passwords manually or through an Excel spreadsheet. Perhaps, then, it should not be so alarming that information is seen as easily pilfered from an organisation.

“The fact of the matter is that organisations that fail to address basic Identity and Access Management and Privileged Account Management best practices may not only expose themselves to significant security risks, but also negatively impact business productivity,” said a spokesperson at One Identity. “This research should serve as a wake-up call to organisations to seek out ways to ensure, manage, and secure appropriate access across the entire organisation and user population – end users, third parties and administrators.”

Paul Walker, technical director at One Identity, suggests the following best practices to minimise password risk in an organisation:

* Resetting a privileged password after each time the account is accessed, and thereby restricting the sharing of administrative credentials;

* Immediately deprovisioning former user accounts;

* Quickly resetting user passwords to maintain user productivity; and

* Monitoring and logging identity activity.  

The larger the volume of poorly managed user and administrative accounts available to bad actors, the more damage can be done, such as data breaches and leakage, compliance violations and fines, loss of customer trust, and a tarnished brand. Therefore, adhering to these and other IAM and PAM best practices can greatly help organisations reduce the threat of security breaches and other risks due to inappropriate or unsanctioned user access.

