
Weak passwords putting UK businesses at risk of losing millions

UK IT decision makers are blissfully ignorant over inadequate password protection, according to report

A new study by OneLogin, the identity management provider bringing speed and integrity to the modern enterprise, reveals that 85% of IT decision makers feel they have adequate password protection measures in place.

But in reality, most IT decision makers are failing to enforce even the most basic password requirements, putting their businesses at significant risk of data breach. In fact, fewer than a third (31%) require employees to rotate passwords monthly, and a further half (52%) admitted to only requesting password rotation once every three months.


The study, which surveyed more than 600 UK-based IT decision-makers with influence over their business’s IT security, highlighted that although many businesses require passwords to be a minimum length, a mix of upper and lower case, and to use numbers, the majority are failing to enforce any further password complexity requirements on employees. Only 37% of those surveyed ask employees to check their passwords against common password lists and 39% don’t even require employees to use special characters.

When it comes to authenticating users for internal and external corporate applications, the results are just as concerning. With fewer than a third (30%) making multi-factor authentication (MFA) mandatory for internal applications, and 26% for external applications, organisations are relying too heavily on weak password requirements, leaving themselves and their valuable corporate data easily accessible to cybercriminals looking for the easiest way into the corporate network.

These security shortcomings can lead to significant costs, since the average cost for a UK company to remediate a data breach is £2.5 million, according to IBM Security’s 2017 Cost of Data Breach study.


These costs include unexpected loss of customer business, product discounts, forensic and investigative activities, and legal expenditures. And once GDPR comes into effect in May 2018, penalties related to data breaches will start at €10 million and can go up to as much as €20 million or 4% of a company's annual turnover, whichever is higher.

“The traditional password is the stalwart of cyber security, but our research has shown just how complacent IT decision makers have become about this vital, powerful, yet understated security measure.”

“Companies need to be more forward-thinking when it comes to identity and access management by enforcing strong passwords and using modern multi-factor authentication,” said Alvaro Hoyos, chief information security officer at OneLogin.

Businesses should consider the following to reduce their risk exposure due to weak passwords:

 Choose applications that support SAML or OpenID Connect for user authentication. Applications are the front door to company data; when an app supports SAML (Security Assertion Markup Language) or OpenID Connect, it lets IT staff ensure all users have strong passwords.


 Use modern multi-factor authentication. It’s not enough to use any MFA technology to send one-time passwords (OTPs) since older MFA technologies like SMS are easily compromised. Modern MFA ensures that OTPs cannot be stolen or re-routed to a hacker-controlled account.
 Strengthen your phishing defences. Most cyber attacks start with phishing emails. Train your employees how to spot these emails, and regularly run phishing assessments to measure their ability to do so.

 
