- Security TWENTY
- Women in Security Awards
UK businesses are playing Russian Roulette with our information, it’s claimed, by continuing to rely on the one security method that is the exploit target in most hacks and data breaches – the password.
A digital identity and credentials product company reports research into how UK systems administrators, those who manage computer systems, or those who hold such assess rights, are protecting sensitive data. According to Intercede, 86pc of those with systems administrator (sysadmin) level access rights are using only basic username and password authentication to access their companies’ IT systems on-site.
Half of the research respondents admitted that business user accounts in their organisations are ‘not very secure’. With 81pc of hacking related breaches exploiting stolen or weak passwords1 user authentication is Intercede says the weakest link in the security chain. The research, conducted by Vanson Bourne in July 2017, reveals Intercede says alarming results about how systems administrators are protecting access to core IT systems and turning a blind eye to basic security requirements.
Richard Parris, CEO and Chairman of Intercede said: “Sysadmins effectively hold the ‘keys to the kingdom’, and relying on username and password authentication is a bit like relying on a basic Yale lock to secure your front door. Even the least security conscious of us also bolt the door with a five lever mortice lock and many go much further. In today’s age of the hack, when compromised passwords are the root of the vast majority of security breaches, UK businesses clearly need to do much more – it isn’t simply their data that is compromised, it’s ours.”
The research included:
– 86pc rely on username and password authentication when accessing their main business account on-site; 69pc use complex passwords2 and 17pc use simple passwords3
– Other methods for authentication on-site included virtual smart cards and PINs (6pc) and biometrics such as a fingerprint or facial ID (2pc)
– When accessing business accounts off-site, just over half (54pc) rely on username and password authentication – 48pc use complex passwords and 6pc use simple passwords
– 58pc of research respondents work for companies serving consumers
– Basic username and password authentication on-site is common across markets, ranging from 82pc in manufacturing to 92pc in retail, distribution and transport
– Username and simple password authentication is used by 38pc of those with sysadmin access in the retail, distribution and transport sector.
Richard Parris added: “It’s time businesses finally take security seriously and look at stronger methods of authentication to protect information. With the new General Data Protection Regulation (GDPR) due for adoption next year, businesses can be held criminally liable for failing to adequately protect customer data, with severe consequences for the bottom line and for corporate reputation. There’s no excuse for continuing to play Russian roulette with data and privacy.”