Story image

APAC firms leaving password management to employees - at a cost

23 Jan 18

Asia Pacific organisations admit that employee behaviour and IT policy don’t match up, particularly when it comes to passwords.

Despite the danger of week passwords, a new study by Ovum and LastPass suggests that Asia Pacific organisations rely too heavily on employees to monitor their own behaviour – rather than using technology to address the problem.

The study found that 78% of IT executives do not have the proper controls that could allow them to control employee access to cloud-based applications. While organisations are aware of the lack of visibility, few are doing anything about it.

29% of respondents say they use entirely manual processes to manage user passwords for cloud applications.

“This research has clearly identified an urgent need to close the password security gap,” comments Ovum principal analyst for infrastructure solutions, Andrew Kellett.

“Far too many organisations are leaving the responsibility for password management to their employees and don’t have the automated password management technology in place to identify when things are going wrong.”

According to the survey, even employees are dissatisfied with password management practices. 75% of employees experience regular password usage problems.

A third say they need helpdesk support about password at least once per month.

The study suggests that this could be due to a lack of single sign-on in organisations. 56% of surveyed firms did not use any method of single sign-on authentication.

22% of Australian employees say they have shared their credentials with colleagues, and 11% have shared them with third parties.

However organisations don’t really know what to do to curb password sharing – 71% have no technology in place to deal with it and only 13% have controls in place that can alert IT teams when it happens.

69% of employees said they would use a tool to store or access passwords if one was available.

“In many cases, an organisation’s password management practices are overly reliant on manual processes and far too often place an excessive level of trust in employees to use safe password practices,” comments LastPass general manager Matt Kaplan.

“The threat posed by human behaviour coupled with the absence of technology to underpin policy is leaving companies unnecessarily at risk from weak or shared passwords. Organisations need to focus on solving for both obstacles in order to significantly improve their overall security.”

The survey polled 355 IT executives and 550 corporate employees in Asia Pacific, North America and Europe.

ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
It's time to rethink your back-up and recovery strategy
"It is becoming apparent that legacy approaches to backup and recovery may no longer be sufficient for most organisations."
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.
Companies swamped by critical vulnerabilities – Tenable
Research has found enterprises identify 870 unique vulnerabilities on internal systems every day, on average, with over 100 of them being critical.
Don’t let your network outgrow your IT team
"IT professionals spend less than half of their time at work optimising their networks and beefing it up against future security threats."
Three access management trends making waves in APAC
Consumer identity proofing, authentication, and authorisation will top the $37 billion value mark by 2023.