In 2011, Lieberman Software surveyed more than 300 IT professionals for their insights into password practices and security outcomes. Portions of the survey focused on the numbers of passwords in use, sharing of privileged passwords, organizational security and other areas. The survey revealed that 48 percent of IT security professionals have worked for organizations whose network has been breached by a hacker. The results also paint a vivid picture of password chaos amongst IT staff and apathy about password security among senior management.
Survey respondents worked in organizations ranging from fewer than 100 to more than 10,000 employees, with the largest portion of respondents (62 percent) working in organizations that employ more than 10,000 individuals.
This slideshow summarizes survey results having to do with the attitudes and outlook of IT personnel.
Among IT professionals surveyed, 51 percent said that they need to remember 10 or more passwords for different systems and applications as part of their jobs.
Fully 42 percent of respondents said that two or more IT staff shared password access to systems or applications in their organizations. Whenever personnel share passwords to access systems and applications, there is no way to attribute data loss or damaging configuration changes to any one individual.
Twenty-six percent of respondents said that at least one IT staff member in their organization has abused a privileged login to access information they shouldn't have.
Twenty-five percent of respondents said that the privileged account passwords used in their organizations to grant "super-user" access to systems and applications are sometimes less complex than normal user network logins. As a result, in at least 25 percent of respondents' organizations, the privileged accounts that grant "super-user" access may be less well protected against malicious intruders and malware than the organizations' normal user accounts.
Nearly half of all respondents (48 percent) indicated that privileged account passwords for a system, device or application in their organization have remained unchanged for 90 days. It can therefore be surmised that nearly half of the respondents' organizations are unable to comply with IT regulatory mandates such as PCI-DSS, CAG, SOX, HIPAA, and others.
Nearly half of respondents (48 percent) said that they have worked at an organization whose network was breached by a hacker.