- Poor password hygiene continues to plague enterprises. 65% admitted to using a single password for all applications, and 33% share passwords with their co-workers.
- Employees don’t assume responsibility for protecting the integrity of corporate security processes. 20% would sell their passwords to an outsider. Of those who would sell their passwords, 44% would do so for less than $1,000. This is up from 14% who would sell a password a year ago.
- Organizations are struggling to keep up. 33% of employees admitted to purchasing a SaaS (cloud) application without IT’s knowledge (a 55% increase from last year’s report). Alarmingly, more than 40% of respondents reported having access to a variety of corporate accounts after leaving their last job.
“This year’s Market Pulse Survey shines a light on the significant disconnect between how employees view their personal information and that of their employer, which could also include personal information of customers,” said Kevin Cunningham, president and founder of SailPoint.
“Today’s identity governance solutions can alleviate the challenge of remembering several passwords and automate IT controls and security policies, but it’s imperative that employees understand the implications of how they adhere to those policies. It only takes one entry point out of hundreds of millions in a single enterprise for a hacker to gain access and cause a lot of damage.”
Australians fared a little better: only 12% were willing to sell their login and password. It got worse from there, with the US at 27%, perhaps because it's more frequent there. Rumours of a $35,000 bounty for an admin-level password circulated around Apple HQ. Six-figure sums are common in financial institutions.
The issue gets worse. While hacking/phishing accounts for around 38% of the 781 reported significant US data breaches, insider theft/negligence came next at 14.9%. Add subcontractor loss, and that quickly equates to around 30%.
There is a movement to kill off passwords in favour of biometrics and multifactor authentication. If your business is at risk, you may want to go there quickly. iTWire interviewed CyberArk last year; that may be a good place to start.
Now what would you do with those pennies from hacker heaven?