“Weak privileged account management is a rampant epidemic at large enterprises and governments globally,” Steve Morgan, founder and CEO at Cybersecurity Ventures said in a statement. “Privileged accounts contain the keys to the IT kingdom, and they are a primary target for cybercriminals and hackers-for-hire who are launching increasingly sophisticated cyber-attacks on businesses and costing the world’s economies trillions of dollars in damages. We expect the needle on automated (PAM) solutions adoption to move fairly quickly into the 50 percent range over the next two years.”

Three out of 10 organizations allow accounts and passwords to be shared; three out of 10 have no formal password controls, and four out of 10 use the same security for privileged and standard accounts.

SEE ALSO: Report: Cloud Requires New Approach to Security Operations

Nearly one in five organizations have never changed the default passwords on their privileged accounts, and while many of the report’s findings are unsettling, this practice is so obviously negligent that one has to wonder about possible legal ramifications. Clients, partners, and shareholders of any given business should have assurances that it will not be brought to a standstill and suffer major losses from a years-old “admin” password.

Only 10 percent of those surveyed have implemented commercial automated PAM security, perhaps in part because 30 percent say they have not communicated the importance of following IT security policies to stakeholders.

The PAM report also puts a new spin on previous reports like the Ping Identity study from late 2015 which showed enterprise employees often share credentials for devices they do work on with family members and commonly reuse passwords. If the organization neglects basic credential controls, it is unrealistic to expect employees to pick up the slack.

Source: TheWHIR