Are you changing your passwords as often as the weather changes?

While the weather may not change as frequently where you are, there is one thing that should change more frequently: your privileged passwords. Why? If you’re like more than 25% of companies out there, then your current IT environment contains unmanaged accounts that put you at risk of data breaches and compliance violations.

To check, ask yourself these two questions:

  • When was the last time your organisation’s privileged account passwords were rotated and randomized?
  • Regardless of your answer to the first question, are you confident that every privileged account is managed, and that there are no rogue accounts with old, outdated passwords?

Across all industries, it’s absolutely crucial to be aware of how old your privileged account passwords are, and to change them on a regular basis. For example, 79% of respondents believe privileged users access sensitive and confidential information out of simple curiosity. Take a look at the Anthem, Sony, Target, Home Depot, JP Morgan and eBay breaches from late 2013, 2014 and 2015:

  • Target: 70 million individuals – compromised by a phishing attack on a third-party supplier with privileged credentials to the Target network. Malware was deployed and settled in the POS system, gaining access to payments data.
  • Home Depot: 53 million individuals at a cost of $148 million to fix – another third-party vendor’s user name and password.
  • JP Morgan: 76 million households and 7 million businesses – compromised through a single employee’s password.
  • eBay: 145 million accounts compromised – attackers compromised a small number of employees.
  • Sony Pictures breach – the hackers claim to have taken over 100 terabytes of data from Sony. In first quarter financials, Sony Pictures set aside $15 million for legal fees. 

Despite these high-profile breaches, it’s clear that organisations are still playing catch-up when it comes to reining in their passwords. According to our own recent survey of 728 global IT decision makers, 51% of respondents without a privileged account management policy in place manage passwords “individually.” This could include users sharing passwords on an ad hoc basis, or simply by memory. 35% indicate that shared passwords are controlled “locally,” including in spreadsheets, password vaults, SharePoint, Post-Its, and Active Directory.

Consider the potential security and compliance ramifications of these four scenarios on your organisation:

  • Former employees - When an employee with privileged access leaves the company, he or she won’t just forget their old passwords. Whether leaving on a good note or not, former employees pose a threat to your organisation’s protected information.
  • Partners - If you work with outsource partners or contractors, how do you manage their access to systems and data, particularly if there is a turnover of these personnel over the life of an engagement or project?
  • Outsider Threats - Static passwords present an open door for hackers to use brute force tactics to access a company network—which aids them in faster in-and-out attacks that can go unnoticed for months.
  • Insider Threats - Only certain employees should have access to privileged systems and data, and it would be foolish for IT administrators to put faith in their employees to self-manage their access. The moment a password is written on a Post-It, shared with another employee or saved to a Word document, it becomes a security and compliance liability for the entire organisation.

If you’re interested in preventing static passwords from putting you in the headlines, request a free trial of BeyondTrust’s privileged password and privileged session management solution today!

 

Privilege Gone Wild 2 Survey Results Now Available

Interested in how you rank vs. peers? Access the report now!

Each year, BeyondTrust conducts a survey to identify trends in the privileged account management market. The survey explores how organizations view the risk from privileged account misuse, as well as trends in addressing and mitigating the risks. Over 700 information technology professionals participated in the 2015 survey, representing organizations in retail, government, education, manufacturing and technology markets around the globe.

Download the report here!

Sameer Shaikh -
Consultant  

Sameer has over 7 years of experience in sales and customer service roles in the financial, wholesale trade and retail sector in India, UAE, United Kingdom and New Zealand.

At MPA, Sameer is applying his expertise in customer management and business development to maintain existing business relationships and develop new business opportunities.

He also shares responsibility in the sales and purchase order entry and logistics areas.

Sameer has a Bachelor of Science degree.

