Lieberman Software's 2014 Information Security Survey reports on IT security professionals' insights into password security, cloud security and other current cyber security trends.
- Almost 1 out of 4 respondents work in organizations that do not change their service and process account passwords within the 90 day time frame commonly cited as best practice by most regulatory compliance mandates.
- More than 13% of respondents can still access a previous employers' systems using their old credentials. A surprising percentage can still gain access into two, or even more, ex-employers' systems.
- Nearly 1 in 5 of those surveyed do not have, or don't know if they have, a policy to ensure that former employers and contractors can no longer access systems after leaving the organization.
- An overwhelming 80% of surveyed respondents choose to keep their organization's most sensitive data on their own network, rather than the cloud.
- Nearly 3 out of 4 of those surveyed say that the cloud applications their users download cause security headaches.
These results seem to indicate a general lack of password security and privileged access control. This could be the result of poor security training, or it could be a lack of IT security awareness stemming from the complexity of managing large and dynamic enterprise environments. Regardless, as long as so many organizations are maintaining lax control of their password updates and privileged account management, the high frequency of data breaches can be expected to continue - if not grow.
About the Survey
The survey queried nearly 280 IT security professionals attending RSA Conference 2014 in San Francisco. All respondents were registered attendees of the show, and the surveys were conducted in-person during the conference. More than 55% of those surveyed work in organization with at least 1,000 employees.
About Lieberman Software
Lieberman Software is a leader in the privileged identity management security field. Its products automatically locate and continuously track privileged accounts throughout the enterprise, ensuring that only authorized personnel have temporary, audited access to powerful privileged accounts.