Story image

APAC firms leaving password management to employees - at a cost

23 Jan 18

Asia Pacific organisations admit that employee behaviour and IT policy don’t match up, particularly when it comes to passwords.

Despite the danger of week passwords, a new study by Ovum and LastPass suggests that Asia Pacific organisations rely too heavily on employees to monitor their own behaviour – rather than using technology to address the problem.

The study found that 78% of IT executives do not have the proper controls that could allow them to control employee access to cloud-based applications. While organisations are aware of the lack of visibility, few are doing anything about it.

29% of respondents say they use entirely manual processes to manage user passwords for cloud applications.

“This research has clearly identified an urgent need to close the password security gap,” comments Ovum principal analyst for infrastructure solutions, Andrew Kellett.

“Far too many organisations are leaving the responsibility for password management to their employees and don’t have the automated password management technology in place to identify when things are going wrong.”

According to the survey, even employees are dissatisfied with password management practices. 75% of employees experience regular password usage problems.

A third say they need helpdesk support about password at least once per month.

The study suggests that this could be due to a lack of single sign-on in organisations. 56% of surveyed firms did not use any method of single sign-on authentication.

22% of Australian employees say they have shared their credentials with colleagues, and 11% have shared them with third parties.

However organisations don’t really know what to do to curb password sharing – 71% have no technology in place to deal with it and only 13% have controls in place that can alert IT teams when it happens.

69% of employees said they would use a tool to store or access passwords if one was available.

“In many cases, an organisation’s password management practices are overly reliant on manual processes and far too often place an excessive level of trust in employees to use safe password practices,” comments LastPass general manager Matt Kaplan.

“The threat posed by human behaviour coupled with the absence of technology to underpin policy is leaving companies unnecessarily at risk from weak or shared passwords. Organisations need to focus on solving for both obstacles in order to significantly improve their overall security.”

The survey polled 355 IT executives and 550 corporate employees in Asia Pacific, North America and Europe.

Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.
Carbon Black: What does cybersecurity have in store for 2019?
Tom Kellerman has shared five insights for the year ahead, including a particularly bold one.
Hands-on review: The Ekster Wallet protects your cards against RFID attacks
For some time now, I’ve been protecting my credit cards with tinfoil. The tinfoil hat does attract a lot of comments, but thanks to Ekster, those days are now happily behind me.