Story image

APAC firms leaving password management to employees - at a cost

23 Jan 18

Asia Pacific organisations admit that employee behaviour and IT policy don’t match up, particularly when it comes to passwords.

Despite the danger of week passwords, a new study by Ovum and LastPass suggests that Asia Pacific organisations rely too heavily on employees to monitor their own behaviour – rather than using technology to address the problem.

The study found that 78% of IT executives do not have the proper controls that could allow them to control employee access to cloud-based applications. While organisations are aware of the lack of visibility, few are doing anything about it.

29% of respondents say they use entirely manual processes to manage user passwords for cloud applications.

“This research has clearly identified an urgent need to close the password security gap,” comments Ovum principal analyst for infrastructure solutions, Andrew Kellett.

“Far too many organisations are leaving the responsibility for password management to their employees and don’t have the automated password management technology in place to identify when things are going wrong.”

According to the survey, even employees are dissatisfied with password management practices. 75% of employees experience regular password usage problems.

A third say they need helpdesk support about password at least once per month.

The study suggests that this could be due to a lack of single sign-on in organisations. 56% of surveyed firms did not use any method of single sign-on authentication.

22% of Australian employees say they have shared their credentials with colleagues, and 11% have shared them with third parties.

However organisations don’t really know what to do to curb password sharing – 71% have no technology in place to deal with it and only 13% have controls in place that can alert IT teams when it happens.

69% of employees said they would use a tool to store or access passwords if one was available.

“In many cases, an organisation’s password management practices are overly reliant on manual processes and far too often place an excessive level of trust in employees to use safe password practices,” comments LastPass general manager Matt Kaplan.

“The threat posed by human behaviour coupled with the absence of technology to underpin policy is leaving companies unnecessarily at risk from weak or shared passwords. Organisations need to focus on solving for both obstacles in order to significantly improve their overall security.”

The survey polled 355 IT executives and 550 corporate employees in Asia Pacific, North America and Europe.

How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.