Password chaos linked to network breaches, survey finds

A fundamental lack of IT security awareness in enterprises is potentially paving the way for a further wave of data breaches in 2011, a survey of 300 international IT professionals has shown.

Warwick Ashford Warwick Ashford

Warwick Ashford is chief reporter at Computer Weekly. He joined the CW team in June 2007 and is focused on IT security, business continuity, IT law and issues relating to regulation, compliance and governance. Before joining CW, he spent four years working in various roles including technology editor for ITWeb, an IT news publisher based in Johannesburg, South Africa. In addition to news and feature writing for ITWeb’s print publications, he was involved in liaising with sponsors of specialist news areas on the ITWeb site and developing new sponsorship opportunities. He came to IT journalism after three years as a course developer and technical writer for an IT training organisation and eight years working in radio news as a writer and presenter at the South African Broadcasting Corporation (SABC).

View all articles by Warwick Ashford >> 020 8652 8505 Active Warwick Ashford False True

A fundamental lack of IT security awareness in enterprises is potentially paving the way for a further wave of data breaches in 2011, a survey of 300 international IT professionals has shown.


The survey paints a vivid picture of password chaos among IT staff and apathy about password security amongst senior management, said Lieberman Software, which conducted the survey.

Nearly half of those polled said they have worked for organisations where computer networks have been breached by a hacker.

Just over half of the respondents said they had 10 or more passwords to remember for use in their work, 42% said that IT staff are sharing passwords or access to systems or applications, and 26% said that they were aware of an IT staff member abusing a privileged login to access sensitive information.

Nearly half said they worked at companies that are still not changing their privileged passwords within 90 days.

This is a violation of most major regulatory compliance mandates and one of the major reasons why hackers are still able to compromise the security of large organisations, said Philip Lieberman, chief executive of Lieberman Software.

For many organisations these weaknesses are the back doors by which hackers access the enterprise's most sensitive data, and if almost 50% of passwords remain unchanged, then fundamental and basic IT security practices are being ignored by staff and management, he said.

"This survey shows that despite the huge number of frequent data breaches over the past 12 months, senior management in many organisations have not yet grasped the fundamentals of IT security. In fact they are actively paving the way for more and bigger disasters," said Lieberman.

Basic security includes locking down access to systems containing sensitive data to minimise the insider threat. However, only months after the Sony, RSA Security and Comodo hacks, the situation within major organisations remains at risk, he said.

According to Lieberman, senior management will have to pay far more attention to their basic security practices or be forced to apologise to their shareholders and customers for major data losses and subsequent damage to brand loyalty.

"The simple, unpalatable truth is that senior management generally is not policing their IT security departments enough to avoid further massive data breaches," he said.

MetaKeywords MetaDescription Sensitive Landingpage False

Read more on IT news in your industry sector

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.