Story image

APAC firms leaving password management to employees - at a cost

23 Jan 18

Asia Pacific organisations admit that employee behaviour and IT policy don’t match up, particularly when it comes to passwords.

Despite the danger of week passwords, a new study by Ovum and LastPass suggests that Asia Pacific organisations rely too heavily on employees to monitor their own behaviour – rather than using technology to address the problem.

The study found that 78% of IT executives do not have the proper controls that could allow them to control employee access to cloud-based applications. While organisations are aware of the lack of visibility, few are doing anything about it.

29% of respondents say they use entirely manual processes to manage user passwords for cloud applications.

“This research has clearly identified an urgent need to close the password security gap,” comments Ovum principal analyst for infrastructure solutions, Andrew Kellett.

“Far too many organisations are leaving the responsibility for password management to their employees and don’t have the automated password management technology in place to identify when things are going wrong.”

According to the survey, even employees are dissatisfied with password management practices. 75% of employees experience regular password usage problems.

A third say they need helpdesk support about password at least once per month.

The study suggests that this could be due to a lack of single sign-on in organisations. 56% of surveyed firms did not use any method of single sign-on authentication.

22% of Australian employees say they have shared their credentials with colleagues, and 11% have shared them with third parties.

However organisations don’t really know what to do to curb password sharing – 71% have no technology in place to deal with it and only 13% have controls in place that can alert IT teams when it happens.

69% of employees said they would use a tool to store or access passwords if one was available.

“In many cases, an organisation’s password management practices are overly reliant on manual processes and far too often place an excessive level of trust in employees to use safe password practices,” comments LastPass general manager Matt Kaplan.

“The threat posed by human behaviour coupled with the absence of technology to underpin policy is leaving companies unnecessarily at risk from weak or shared passwords. Organisations need to focus on solving for both obstacles in order to significantly improve their overall security.”

The survey polled 355 IT executives and 550 corporate employees in Asia Pacific, North America and Europe.

Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).