Home Security Password security management still not up to scratch as attacks grow: report
Password security management still not up to scratch as attacks grow: report Image courtesy of Stuart Miles FreeDigitalPhotos.net Featured

Attacks on passwords continue to grow in number and complexity every year, but despite these threats, businesses have struggled to quantify their own level of password risk, according to a newly published report that also found that the insurance sector in Australia is doing the best in maintaining password security.

The first annual “2018 Global Password Security Report" from LastPass by LogMein finds that businesses lack proof of their policies’ effectiveness, are missing visibility into their employees’ behaviours and can’t verify how they compare to others of similar size, industry or location.

And, while Australia’s insurance sector scored highest on the password security scale, it lags a long way behind leading sectors on password security in other countries.

The global report, which analysed anonymised data in more than 43,000 companies of all sizes, industries, and geographies using LastPass as their business password manager, draws a precise picture of password management for the business IT community — with two benchmark scores highlighted in the report: the LastPass Security Score and the LastPass Password Strength Score.

The report found that Australian and New Zealand businesses have an average security score of 52, with key findings showing that

  • Banking and health have the lowest security scores of any sector.
  • Insurance has the highest score of any Australian sector (49). But it is still below the benchmark and far behind the leading sectors in other countries.
  • Password sharing is common – with six passwords shared by the average employee.
  • More businesses are using multifactor authentication (45%) and those that use a password manager gain an average 15 security score points in the first year of using it.

And in Australia, the highest average security score in the Insurance sector (49) follows the imposition of new privacy and data laws which with most businesses in the sector must comply.

Released ahead of Australia’s Stay Smart Online Week, data from the report reveals that while businesses are making strides in strengthening password security, there’s more work to be done – with the average password security score of organisations found to be 52 out of 100.

“Passwords continue to be a challenge to cyber security in the workplace, and attacks continue to grow in number and complexity every year. Despite these threats, businesses in Australia and New Zealand have struggled to quantify their own level of password risk,” said Lindsay Brown, vice-president, APAC and Japan, LogMeIn.

“In conjunction with Stay Smart Online Week, we want to ensure we’re doing our part by offering information security managers a tool to compare their own company’s password scores with a large sample of peers and competitors. In turn, security departments are now better equipped to identify the gaps in their security program and measure progress when investing in password security.”

According to Frank Dickson, research vice-president, Security Products at IDC, “Security professionals often fail to consider the value of the first factor of enterprise authentication – the password”.

“Despite the sophisticated security measures enterprises are putting in place, something as fundamentally simple as a password is tripping them up.

“Having a security benchmark such as what LastPass has provided with this report will help enterprises quantify their password risk, compare how they stack up to enterprises of similar size, and gauge the effectiveness of their enterprise password management deployment.”

Additional key findings include:

The bigger the company, the lower the security score on average

Organisations with less than 25 employees had the highest average security score of 50, and the average drops as the company size increases. More employees bring more passwords and unsanctioned apps, as well as extra opportunities for dangerous password behaviours.

In larger organisations, it’s simply more challenging for IT to hold all employees to password security standards. The low security score for banking and health found in the report reiterates the findings from the Notifiable Data Breach report by the Office of the Australian Information Commissioner, where, for the April- June quarter, the banking sector reported the second highest number of breaches.

Investing in an enterprise password management tool is moving the needle

Within the first year of investing in a password management tool, a business gains nearly 15 security points. This represents a significant improvement in the company’s security posture over time and is a tangible metric to validate the investment.
 
Password sharing is prevalent in the workplace

On average, the report data shows that any given employee now shares six passwords with co-workers. As teams become more distributed and technology-dependent, the ability to protect, track and audit shared passwords is more important than ever.
 
The Insurance sector is leading the pack in password security in Australia

The highest average security score is in the insurance sector (49). This is not surprising due to the privacy and data laws with which most must comply. While Insurance may be leading the way, it is well below the benchmark and far behind the leading sectors in other countries. What is surprising, is that heavily-regulated industries like banking, health, and government are not achieving comparable (or even superior) average security scores.

Multi-factor authentication is gaining in popularity

As concerns about password security grow, multi-factor authentication is an increasingly-favoured way to protect an organisation. Forty-five percent of businesses use multi-factor authentication, which represents a significant increase from last year’s 24.5%. The technology sector leads the pack with 31% adopting multi-factor authentication. Whether it’s a greater awareness of available options or a stronger culture of security, organisations in the technology sector are prioritising extra protection.

47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December

REGISTER NOW!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect