Careless Password management by employees: Enterprises at their wit’s end, despite PAM

0
1012

No one seems to be much bothered about cyber security, these days – it may seem, if what goes on at the workstations down the corporate ladder is any indication.

Corporate frauds and cyber security threats have become a rampant occurrence across the desks of employees in small, medium and large business enterprises alike.

In spite of such imminent risks, it is intriguing why a large percentage of professionals still stick to passwords rated ‘weak’, eg: 12345, to protect their systems.

‘Many organizations try to organize their system security in updated measures – even employing Privileged Access Management (PAM) solutions – but sadly, they soon realize they  need a more robust security approach’, says a recent study by Beyond Trust, on cyber security awareness.

PAM enables businesses to consolidate and track employee access to various accounts — BeyondTrust’s latest report suggests businesses are seriously lacking in their efforts to deploy a more robust security strategy.

Covering 44 professional IT firms and individuals, the study addressed security practices worldwide. The result:

The Report titled, ‘The Five Deadly Sins of Privileged Access Management’, the contents highlighted :

  • 80% of data breaches at SMBs are the result of abuse or misuse of privileged credentials.
  • Enterprises without a PAM solution are seeing their own workers gain access to privileged information and/or classified data.
  • Promoting a section of management as Privileged class or the ones who know the effects of PAM as specially protected, does not make them fool-proof to cyber crime.
  • Despite the focus on PAM, nearly 80% said they believe users are sharing their own passwords with other employees.
  • The study further noted that nearly 76% aren’t changing the default passwords generated for their sake by the system.
  • 75% of the respondents felt that their organizational staff are still clinging onto weak passwords.

There is a significant percentage in enterprises where employees happened to share passwords, under specific circumstances, and have compromised security at the end of day.

Often, this is because users have been allowed to run as administrators on critical machines.

Re-cycled passwords are another big issue that hampers security. Often the same passwords are utilised multiple times.

Experts feel there’s a free solution, called Sudo. The solution, addressed through the System Administrator, empowers the System Delegate to gain access to the security-led areas.

However, the experts also feel that this solution too does not provide 100% coverage.

“Why trust the security, compliance or continuity of your business to a free tool with known best practice flaws?” asks a BeyondTrust insider.

No wonder, privileged access is the entry point for cyber attacks that occur in the enterprise.

“It is up to IT. Privileged access must be secured consistently across all channels — on-premises, laaS [logging as service], SaaS and PaaS [platform as a service.”

While IT executives know that they must protect privileged accounts, remove users’ admin rights, patch vulnerabilities in their systems and deploy greater cyber security solutions for their on-premise and cloud-based systems, much of these efforts are deployed inconsistently across the enterprise.

“Personally identifiable information must be protected at all costs,” the report concluded. “Otherwise, organizations can face costs of up to $4 million per year, mitigating the damages of unwanted access to it.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here