Convergence Plus Logo


www Convergence Plus
 
Sections Online
Telecommunications
Mobility
Information Technology
InfoSecurity

InfoSecurity

November 2, 2006
 Survey finds Sloppy Use Passwords help Hackers

LONDON -- Cyber-Ark Software, the information security software company that develops and markets digital vaults for securing and managing highly-sensitive information within and across global enterprise networks, recently announced the surprising results of its 2006 Privileged Password Survey. Privileged passwords are the non-personal passwords that exist in virtually every device or software application in an enterprise, such as root on a UNIX server, Administrator on a Windows workstation, and Cisco Enable on a Cisco device.

Completed by more than 140 IT professionals, the 2006 Privileged Password Survey reveals that privileged passwords are far more common in enterprises than previously thought: approximately one-half of all enterprises contain more privileged passwords than individual ones. Second, although these privileged passwords provide “super-user” system access, the survey exposes that up to 42% are never updated, a frightening prospect in today’s environment of increased audits and hacker attacks. In fact, half of the IT professionals surveyed reveal that they’re concerned about audits, and 6 out of 10 state that their organization has been hacked.

Often, the reason privileged passwords are rarely updated is a simple one: many enterprises still manually change these key passwords and as one IT Executive from a Fortune 500-sized company states: "manually changing thousands of passwords across hundreds of databases is simply impractical."

More than 500 employees, and each employee has an Administrator account associated with their workstation (72%)
More than 500 servers with privileged password accounts (44%)
More than 100 routers with privileged password accounts (41%)
More than 100 software applications (71%), most of which connect with other applications (92%)

"Often organisations believe that because they have a small number of IT administrators, they can’t have many privileged passwords," says Adam Bosnian, Vice President of Products, Strategy and Sales for Cyber-Ark Software.

"The truth is that privileged passwords come pre-loaded onto virtually every piece of hardware and software in an enterprise and are therefore extremely common. Simply put, these super-user passwords are the keys to your kingdom, and yet they are often left unguarded."

Privileged passwords are more powerful but less likely to be changed

Although privileged passwords provide 'super-user' access to a target system, the survey shows they are far less likely to be updated. Respondents report that 99 percent of individual passwords are updated, however for privileged passwords:

13 percent of ROUTER privileged passwords are never changed;
21 percent of LOCAL WORKSTATION privileged passwords are never changed;
13 percent of SERVER privileged passwords are never changed;
42 percent of SOFTWARE passwords are never changed.

In many cases, these passwords are never changed because organisations still manually update them, a time-consuming process. As an IT Executive at one Fortune 500-sized company explained:
"Virtually every server, router, and application in our enterprise has a number of Privileged Accounts. Of course, we have to regularly change the Privileged User Passwords for these powerful systems, however, manually changing thousands of passwords across hundreds of databases is simply impractical."

A major risk for hacker attacks and failed audits

The survey not only revealed that privileged passwords are rarely changed, it also supports that this is a dangerous practice in today’s environment of hacker attacks and increased audit pressure. For example, in survey results:

6 out of 10 enterprises report being hacked;
9 out of 10 enterprises state they’re annually audited for IT practices;
Half of all IT professionals are often or always concerned about passing audits.

"Of course, having unsecured privileged passwords is an unnecessary risk" says Adam Bosnian, Vice President of Products, Strategy and Sales for Cyber-Ark Software.

"There are proven software applications available today that automatically update privileged passwords across all enterprise systems, including routers, servers, workstations and software applications. Cyber-Ark is proud to offer the Enterprise Password Vault as the award-winning solution for managing, securing, auto-updating and logging all activity associated with privileged passwords."








Disclaimer: No content may be used from this site without the written permission of the authors, Convergence Plus, Comnet Publishers Pvt. Ltd. and Exhibitions India Pvt. Ltd. The views expressed on this site are solely those of the authors and do not reflect those of Convergence Plus, Comnet Publishers Pvt. Ltd. and Exhibitions India Pvt. Ltd.