Despite multiple high profile breaches, 86% of those who manage computer systems within major UK companies use only the most basic security to access their IT systems on-site – half admit user accounts are ‘not very secure’, according to a report from Intercede.
The research looks at UK systems administrators, those who manage the operation of computer systems, or those who hold such assess rights are protecting and securing sensitive data within their organisations.
>See also: Businesses putting customer data at risk
Perhaps in acknowledgement of the risks posed, 50% of the research respondents admitted that business user accounts in their organisations are ‘not very secure’.
With 81% of hacking related breaches exploiting stolen or weak passwords, user authentication is currently the weakest link in the security chain.
The potential for catastrophic impact on businesses, and more worryingly, the consequential impact on customers, is a major concern. The research revealed some alarming results about how systems administrators are protecting access to core IT systems and turning a blind eye to the most basic security requirements.
Richard Parris, CEO and chairman of Intercede commented on the research: “Sysadmins effectively hold the ‘keys to the kingdom’, and relying on username and password authentication is a bit like relying on a basic Yale lock to secure your front door. Even the least security conscious of us also bolt the door with a five lever mortice lock and many go much further. In today’s age of the hack, when compromised passwords are the root of the vast majority of security breaches, UK businesses clearly need to do much more – it isn’t simply their data that is compromised, it’s ours.”
“It’s time businesses finally take security seriously and look at stronger methods of authentication to protect information. With the new General Data Protection Regulation (GDPR) due for adoption next year, businesses can be held criminally liable for failing to adequately protect customer data, with severe consequences for the bottom line and for corporate reputation. There’s no excuse for continuing to play Russian roulette with data and privacy.”