Feeds

Firms urged to tighten up access policies

Survey reveals worrying lack of security

The Power of One Infographic

Half of us keep our passwords on Post-It notes and over a third of IT professionals say they could still access their company's network if they left their job.

These are just some of the worrying findings of a survey released on Tuesday by Cyber-Ark Software, which carried out the research at last month's Infosecurity Exhibition as part of the firm's annual investigation into trust, security and passwords.

"Companies need to wake up to the fact that if they don't introduce layers of security, tighten up who has access to vital information, and manage and control privileged passwords, then snooping, sabotage and hacking will continue to be rife," said Calum Macleod, European director for Cyber-Ark.

More than half of those surveyed said they still keep their passwords on a Post-It note; this is in spite of all the warnings to be more protective of passwords. This year's survey revealed that the 50 per cent number now applies to IT professionals as well.

Also, more than one-third of IT professionals admit they could still access their company's network once they'd left their current job, while over 25 per cent of respondents said they knew of another IT staff member who still had access to sensitive networks even though they'd left the company a long time ago.

These figures may be explained by the fact that 20 per cent of all organisations admitted that they rarely changed their administrative passwords. with a worrying 7 per cent saying they never change them. Eight per cent of IT professionals revealed that the manufacturer's default admin password on critical systems had never been changed, despite this being the most common way for virus writers to break into corporate networks.

"The easiest way to infiltrate a company's network is to look for administrative passwords which are left blank, still have the manufacturers default password or just use obvious names. Once you find these, which are unbelievably simple and common to find, you're into the system and have the highest level of authority - you've got control of the company's system."

Those are the words of Gary McKinnon, who has been named as the "most profligate military hacker of all time" and who is still waiting to be extradited to the US for gaining entry to 90 computers at the US Department of Defense.

Fifteen per cent of companies interviewed said they had experienced insider sabotage, an unsurprising statistic if you consider that over 33 per cent of IT staff said they use administrative passwords to snoop around corporate systems. This snooping has the potential to turn ugly if IT workers feel disgruntled or if they've been fired.

Copyright © 2007, ENN

The Essential Guide to IT Transformation

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
Chips are down at Broadcom: Thousands of workers laid off
Cellphone baseband device biz shuttered
Twitch rich as Google flicks $1bn hitch switch, claims snitch
Gameplay streaming biz and search king refuse to deny fresh gobble rumors
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.