Poor password hygiene encourages dirty cyber-crime

Security intelligence company LogRhythm says it is not a case of if a company will be hacked but when. Poor password security is one of the major factors in advancing the threat timetable.

It has released its findings on password security from the recent Workplace Security Australia report, which show that Australians in general are pretty lax about passwords: their strength and how regularly they are changed.

The first item of interest is the variety of devices used at work:

  • 86% of workers in large companies use some sort of technology device for work purposes
  • 62% have sole use of a PC or laptop (46% PC, 24% laptop), 71% among full time workers.
  • 23% use a shared PC or laptop (19% shared PC, 7% shared laptop), 29% among part time workers.
  • 17% use a work provided smartphone.
  • 24% use their own smartphone for work purposes.
  • 13% have a tablet (31% of managers have a tablet).
  • 4% BYOD (Bring Your Own Device)

Half (54%) are accessing private emails on these devices, and half (52%) are using them for their private internet banking. What workers access:

  • 91% Work emails
  • 88% The internet
  • 84% Work files and documents
  • 75% Work databases
  • 58% Work customer/client records
  • 54% Private emails
  • 52% Private internet banking
  • 35% Work online/cloud services

Passwords – credentials – are the key to the IP kingdom. Even passwords from users with low clearance can be used to escalate privileges across devices and gradually reach servers.

Virtually all companies with more than 20 employees require passwords to access user accounts but some do not use passwords on programmes or for accessing sensitive data once a user is logged in.

  • 19% are able to gain entry to all work services and documents via a single password
  • The average is 3.2 passwords; 37% use five or more passwords

18% say that they frequently or always use the same password for work and personal accounts (30% of Generation Y say this compared to 8% of Baby Boomers)

  • 4% Always (Generation Y 6%, Baby Boomers 2%)
  • 14% Frequently (Generation Y 24%, Baby Boomers 6%)
  • 20% Occasionally
  • 12% Once in a while
  • 49% Never (45% males, 54% Females) (Generation Y 29%, Baby Boomers 67%)

So the complexity, uniqueness and frequency of change of passwords are important:

  • 72% say they take reasonable care and change passwords every six months
  • 59% say they change annually
  • 6% never change
  • 18% take the trouble to set a unique password for each service
  • 19% use the same one for everything
  • 21% create variations on a core word

And because Aussies seem to have trouble remembering passwords, 22% store them in insecure ways:

  • In a file saved on the computer
  • On a smartphone
  • On a piece of paper in their top drawer
  • On a sticky note attached to the screen or keyboard (an estimated 173,000 Australian workers do this)

In fact, a hacker is almost guaranteed to find passwords simply by walking through an office – or, as reported by iTWire, from staff selling their access credentials.

Simon Howe, LogRhythm’s ANZ Sales Director, said: “It is clear from the results that employees are unwittingly placing their organisations at greater risk of data breaches and other incidents. User accounts and passwords are being harvested on the black market to fuel cyber-attacks. Businesses need to actively monitor employee access to devices, applications and systems. And to set policies that encourage them to keep security front of mind.”

I spoke to Simon at length and we essentially agreed that user education was the key to better password hygiene, but there is ample of that being published by news organisations like iTWire. It is almost as if Australians’ “She’ll be right, mate” attitude applies.

Simon lamented the lack of tight password policy in many organisations because it will upset the users and increase workload on system administrators. He mentioned there are several good password management tools and administration tools to ensure secure passwords.

We agreed that it was time for two-factor authentication – prove who you are, then use a password unique to you. Microsoft and Intel have collaborated to produce Windows Hello, which uses Intel’s 3D RealSense camera – but widespread adoption is some time away.

I asked about the ‘if, not when’ scenario for hackers to attack businesses of all sizes. Obviously LogRhythm has a feel for this, as it is not an AV/malware vendor but a way to identify threats fast (mean time to identify the threat) and react appropriately (mean time to respond).

What he would say is that, according to the Rand Corporation, cyber-crime is now more profitable than the drug trade, and one way to counter this is to have electronic identity protection. “LogRhythm knows more about security and how to manage issues – right out of the box. We know most of the tricks used by cyber criminals,” he said.

It is always a pleasure to speak to Simon precisely because he is not selling antivirus software and the sky is not constantly falling. You can read more about the company in this iTWire article and at its website.






Ray Shaw


Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

