Closing the Password Security Gap

A couple of months ago, Verizon’s 2017 Data Breach Report confirmed that 80% of all successful network attacks take place because of weak credentials.  We took that opportunity to review the best methods for creating a strong password.  We’re glad we did, because a new study released last week shows that most employees are essentially on their own when it comes to their password behavior. 

Despite operating in a threat landscape where weak passwords pose a major security threat to organizations, many companies have no technology in place to enforce any password strength requirement. 

study from LastPass and Ovum reveals that more than half of IT executives surveyed rely on employees alone to monitor their own password behavior. About 61% of IT executives surveyed rely exclusively on employee education to enforce strong passwords, so employees are essentially on their own, with no technology in place to enforce any password strength requirement.

And those weren’t the only alarming takeaways:

  • A lack of control increases risk and puts a strain on both users and internal resources:  76% of employees say they experience regular password usage problems, and more than a third of users need password-related help desk support at least once every month.
  • Defense against password sharing is far too weak: 64% of IT executives surveyed had no technology in place to guard against unnecessary password sharing, and only 14% had automated control facilities in place to know when it is happening.
  • Without visibility or control, an organization is incredibly vulnerable to security threats:  78% of IT executives lack the ability to control access to the cloud-based applications used by their employees. Most companies are aware of this lack of visibility and control, yet the majority are not doing enough, if anything at all, to address the situation.
  • Making matters worse, outdated manual processes are still predominant in many organizations: IT executives at four in 10 companies surveyed still rely on entirely manual processes to manage user passwords for cloud applications.

Password security is a small part of the much larger holistic approach to security measures that make for true cybersecurity.  If you’d like to learn more about what SLPowers can do to help you complete your security posture and ensure comprehensive protection for your company, we invite you to give us a call and discover what makes our approach to security better.