Thursday, 17 September 2015 14:25

Poor password hygiene encourages dirty cyber-crime


Security intelligence company LogRhythm says it is not a case of if a company will be hacked but when. Poor password security is one of the major factors in advancing the threat timetable.

It has released its findings on password security from the recent Workplace Security Australia report, which demonstrate that Australians in general are pretty lax about passwords, their strength, and changing them regularly.

The first item of interest is the variety of devices used at work:

  • 86% of workers in large companies use some sort of technology device for work purposes
  • 62% have their own use of a PC or laptop (46% PC, 24% laptop), 71% among full time workers.
  • 23% use a shared PC or laptop (19% shared PC, 7% shared laptop), 29% among part time workers.
  • 17% use a work provided smartphone.
  • 24% use their own smartphone for work purposes.
  • 13% have a tablet (31% of managers have a tablet).
  • 4% BYOD (Bring Your Own Device)

Half (54%) are accessing private emails, and half (52%) are using it for their private internet banking.

  • 91% Work emails
  • 88% The internet
  • 84% Work files and documents
  • 75% Work databases
  • 58% Work customer/client records
  • 54% Private emails
  • 52% Private internet banking
  • 35% Work online/cloud services

Passwords – credentials – are the key to the IP kingdom. Even passwords from users with low clearance can be used to escalate across devices and gradually get to servers.

Virtually all companies with more than 20 employees require passwords to access user accounts but some do not use passwords on programmes or for accessing sensitive data once a user is logged in.

  • 19% are able to gain entry to all work services and documents via a single password
  • The average is 3.2 passwords, 37% use five or more passwords

18% say that they frequently or always use the same password for work and personal accounts (30% of Generation Y say this compared to 8% of Baby Boomers):

  • 4% Always (Generation Y 6%, Baby Boomers 2%)
  • 14% Frequently (Generation Y 24%, Baby Boomers 6%)
  • 20% Occasionally
  • 12% Once in a while
  • 49% Never (45% males, 54% Females) (Generation Y 29%, Baby Boomers 67%)

So complexity, uniqueness and frequency of change of passwords are important:

  • 72% say they take reasonable care and change passwords every six months
  • 59% say they change annually
  • 6% never change
  • 18% take the trouble to set a unique password for each service
  • 19% use same one for everything
  • 21% create variations on a core word

And because Aussies seem to have trouble remembering passwords, 22% store them in insecure ways:

  • In a file saved on the computer
  • On a smartphone
  • On a piece of paper in their top drawer
  • On a sticky note attached to the screen or keyboard (estimated 173,000 Australian workers do this)

In fact, a hacker can almost guarantee to find passwords simply by an office walk-through – or, as reported by iTWire, by staff selling their access credentials.

Simon Howe, LogRhythm’s ANZ Sales Director, said: “It is clear from the results that employees are unwittingly placing their organisations at greater risk of data breaches and other incidents. User accounts and passwords are being harvested on the black market to fuel cyber-attacks. Businesses need to actively monitor employee access to devices, applications and systems. And to set policies that encourage them to keep security front of mind.”

I spoke to Simon at length and we essentially agreed that user education was the key to better password hygiene, but there is plenty of that being published by news organisations like iTWire. It is almost as if Australia’s “She’ll be right mate” attitude applies.

Simon lamented the lack of tight password policy in many organisations because it will upset the users and increase workload on system administrators. He mentioned there are several good password management tools and administration tools to ensure secure passwords.

We agreed that it was time for two-factor authentication – prove who you are then use a password unique to you. Microsoft and Intel have collaborated to produce Windows Hello that uses Intel’s 3D RealSense camera – but widespread adoption is some time away.

I asked about the ‘if, not when’ scenario for hackers to attack businesses of all sizes. Obviously LogRhythm has a feel for this as it is not an AV/Malware vendor but a way to identify threats fast (mean time to identify the threat) and react appropriately (mean time to respond).

What he would say is that, according to the Rand Corporation, cyber-crime is now more profitable than the drug trade and one way to counter this is to have electronic identity protection. “LogRhythm knows more about security and how to manage issues – right out of the box. We know most of the tricks used by cyber criminals,” he said.

It is always a pleasure to speak to Simon precisely because he is not selling Antivirus software and the sky is not constantly falling. You can read more about the company in this iTWire article and at its website.





Ray Shaw

Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!
