A recent survey of IT professionals on password management and cloud security issues within their organizations found that just over 13% of respondents said they could still access systems at a previous employer using their old login credentials.
The study also found that a healthy percentage said they can still gain access to more than one of their ex-employers’ systems with old credentials. The survey respondents included 280 IT security professionals in attendance at the RSA Conference 2014 last February, with over half of those surveyed from organizations with at least 1,000 employees.
“These results seem to indicate a general lack of password security and privileged access control. This could be the result of poor security training, or it could be a general lack of IT security awareness stemming from the complexity of managing large and dynamic enterprise environments,” the report notes.
“Regardless, as long as so many organizations are maintaining lax control of their password updates and privileged account management, the high frequency of data breaches can be expected to continue – if not grow.”
Other key findings in the study include:
- Nearly 1 in 5 of those surveyed do not have, or don’t know if they have, a policy to ensure that former employees and contractors can no longer access systems after leaving the organization.
- Almost 1 out of 4 respondents work in organizations that do not change their service and process account passwords within the 90-day time frame commonly cited as best practice by most regulatory compliance mandates.
- An overwhelming 80% of surveyed respondents choose to keep their organization’s most sensitive data on their own network, rather than the cloud.
- Nearly 3 out of 4 of those surveyed say that the cloud applications their users download cause security headaches.
“The results of this research show that a fundamental lack of IT security awareness in enterprises, particularly in the arena of controlling privileged logins, is potentially paving the way for a further wave of data breaches,” said Philip Lieberman, CEO and President of Lieberman Software, which conducted the survey.
“Organizations must implement a policy where privileged account passwords are automatically updated on a frequent basis, with unique and complex values. That way, when an employee does leave the company, he is not taking the password secrets that can gain access to highly sensitive systems.”