Poor password management leaves service accounts open to attack

Survey reveals security professionals don’t practice what they preach when it comes to passwords.

  • 10 years ago Posted in

IT security professionals are gambling with the security of their organisations by failing to update important service and process account passwords on a regular basis, with almost 15 percent admitting to either never updating passwords or only updating them annually, a new survey from Lieberman Software Corporation has revealed.


The survey, which was carried out at a major global IT security event, studied the attitudes of 280 IT security professionals and also revealed that nine percent of organisations update their service and process account passwords on a six monthly basis, 53 percent update them on a quarterly basis, 21 percent update them on a monthly basis and only 1.5 percent update them on a daily basis.


In response to the findings, Calum MacLeod, VP of EMEA at Lieberman Software Corporation, said: “As more and more security breaches are being uncovered, organisations should be taking a much more stringent approach at securing passwords. The defence and government industries, which are a very high target for cybercriminals, have come to realise that in order to improve security passwords need to be changed on an hourly basis. If passwords only get updated on a monthly or quarterly basis, think about the damage a cybercriminal can do in that time. Between one to three months of unlimited access into an organisation’s critical systems – they could literally walk away with everything.”


In addition to this, half of the respondents of the survey that admitted to never updating service and process account passwords revealed that the reason for this was out of fear that changing passwords could potentially cause outages and downtime.


Commenting on these findings MacLeod said: “The organisations that choose not to update service and process account passwords because they are worried about causing outages, and believe the consequences of a cyber attack would be less severe than downtime, obviously do not understand how damaging a cyber attack can be and this points out a very worrying lack of awareness. The other respondents who admitted to never updating passwords, but didn’t cite network downtime as the reason, are playing with fire. Any organisation that doesn’t update their service account passwords, or only updates them on an annual basis, quite frankly doesn’t understand the importance of these systems.”


Commenting on the findings of the survey, Philip Lieberman, President of Lieberman Software Corporation, said: “This piece of research highlights that IT security professional are taking a very lax approach to securing important service accounts, which could cost organisations dearly over the coming months. We have consistently said that basic security includes locking down access to systems containing sensitive data to minimize the insider threat. However, only months after a string of publicised hacks, IT security professionals are failing to implement password management appropriately and could be actively paving the way for bigger security disasters. These passwords are shared among contractors and a number of other IT security professionals. If they are not changed on a regular basis they could very easily fall into the wrong hands. Didn’t the security industry learn anything from the Snowden scandal?”
 

New state-of-the-art data centre features Vultr’s first AMD GPU supercompute cluster.
Only a quarter (25%) think their approach to the cloud is carefully considered and successful.
Moving to AWS Cloud will enable The Co-operative Bank to adopt cutting edge IT Infrastructure.
The global airline group will upgrade the value of its data and get its AI & generative AI ready...
Barracuda Networks’s award-winning Email Protection and Cloud Backup security solutions will be...
Leading company in renewables to leverage HPE’s unique turnkey AI infrastructure solution to...
The four-year project extension focuses on cloud transformation and enhanced operational efficiency...
Businesses in the UK are risking slower development as they fail to fully embrace technologies that...