Nearly 50% of businesses have yet to take control of password security - report

03 Oct 18

Password management solution provider LastPass today released the first annual 2018 Global Password Security Report revealing password behaviours in the workplace and creating a benchmark that businesses can use to measure progress when investing in password security tools.

The global report, which analysed anonymised data in over 43,000 companies of all sizes, industries, and geographies using LastPass as their business password manager, draws a precise picture of password management for the business IT community.

Two benchmark scores are highlighted in the report: The LastPass Security Score and the LastPass Password Strength Score. 

Data from the report reveals that while businesses are making strides in strengthening password security, there’s more work to be done – with the average password security score of organisations found to be 52 out of 100.

IDC security products research vice president Frank Dickson says, “Security professionals often fail to consider the value of the first factor of enterprise authentication—the password.

“Despite the sophisticated security measures enterprises are putting in place, something as fundamentally simple as a password is tripping them up.”

“Having a security benchmark will help enterprises quantify their password risk, compare how they stack up to enterprises of similar size and gauge the effectiveness of their enterprise password management deployment.”

Additional key findings include:

The technology industry is leading the pack in password security

The highest average security scores are in the Technology industry (53). This is not surprising due to the privacy and data laws companies need to comply with. What is surprising is that heavily-regulated industries like Banking, Health, Insurance and Government are not achieving comparable (or even superior) average Security Scores:

  • Banking: 49
  • Health: 49
  • Insurance: 47
  • Retail: 48
  • Government: 49

Multi-factor authentication is gaining in popularity

As concerns about password security grow, multi-factor authentication is an increasingly favoured way to protect an organisation. 45% of businesses use multi-factor authentication, which represents a significant increase from last year’s 24.5%. Again, the Technology sector leads the pack with 31% adopting multi-factor authentication. Whether it’s a greater awareness of available options or a stronger culture of security, organisations in the Technology sector are prioritising extra protection. 

  • Banking: 16%
  • Health: 3%
  • Insurance: 3%
  • Retail: 13%
  • Government: 2%

The bigger the company, the lower the security score on average

Organisations with fewer than 25 employees had the highest average security score of 50, and the average drops as the company size increases. More employees bring more passwords and unsanctioned apps, as well as extra opportunities for dangerous password behaviours. In larger organisations, it’s simply more challenging for IT to hold all employees to password security standards.

Investing in an enterprise password management tool is moving the needle

Within the first year of investing in a password management tool, such as LastPass, a business gains nearly 15 security points. This represents a significant improvement in the company’s security posture over time and is a tangible metric to validate the investment.

Password sharing is prevalent in the workplace

On average, the report data shows that any given employee now shares six passwords with coworkers. As teams become more distributed and technology-dependent, the ability to protect, track and audit shared passwords is more important than ever.

LogMeIn chief information security officer Gerald Beuchelt says, “Passwords continue to be a challenge to cybersecurity in the workplace, and attacks continue to grow in number and complexity every year.

“Despite these threats, businesses have struggled to quantify their own level of password risk.”

“This report offers fellow information security managers a tool to compare their own company’s password scores with a large sample of peers and competitors,” says Beuchelt.

“In turn, security departments are now better equipped to identify the gaps in their security program and measure progress when investing in password security.”
