Passwords leave enterprises vulnerable

Forrester Consulting

Despite new security risks posed by a rapidly evolving technology environment, most companies continue to rely on the traditional username and password sign-on to verify a user’s identity. According to a December 2010 commissioned study by Forrester Consulting, which surveyed 306 enterprises with 1,000 to 20,000+ employees on behalf of Symantec Corp., those organizations are unnecessarily leaving themselves open to unauthorized access by hackers and e-criminals.

The study reports a number of interesting findings:

  • IT environments are pushing beyond traditional corporate boundaries, a trend that is exposing enterprises to more risks. More than half of companies surveyed (54 percent) reported a data breach in the previous year. As IT managers increase their reliance on cloud-based and SaaS solutions and collaboration tools, and enable users to access their networks with mobile devices and personal computers, the number of security breaches is on the rise.
  • Malware attacks are exploiting password vulnerabilities in enterprises. Hackers are moving from conspicuous attacks like malware and phishing to more insidious attacks using stolen passwords to penetrate an organization and go undetected.
  • Password issues are the top access problem in the enterprise. To prevent unauthorized access, password policies have grown more cumbersome and error-prone. Such factors as password composition requirements, duration before password expiration, and multiple passwords to access corporate resources have inundated users. Additionally, 87 percent of users are expected to remember two or more passwords to access corporate resources. Meanwhile, password reset is the most common help desk call, in many companies accounting for between 30 and 50 percent of all help desk calls.



One comment on “Passwords leave enterprises vulnerable”

  1. Predictably, though biased and disappointing, is the recommendation by Atri Chatterjee, vice president of User Authentication at Symantec: “As enterprises continue to open up, strong authentication can help keep the bad guys out.” The success of any security framework is ultimately dependent upon the human element: access control can be improved by increasing awareness.
