Passwords Stored Insecurely
The survey also shows that the majority of companies mismanage the storage of administrative passwords by keeping them in unsecured locations and hence not controlling access to these critical codes. 57% of companies store their administrative passwords manually, 18% store them in Excel spreadsheets (which are notoriously insecure and easy to access), and 82% of IT professionals store them in their heads – hindering security efforts, business continuity, as well as the auditing, controlling and managing of passwords. If the keeper of these critical administrative passwords is unavailable or loses the location of the passwords, the result can be massive disruption and hours of lost productivity.
In other words, don’t throw out any Post-It notes lying around the IT department… you may never get into your workstation again!
Insider Sabotage More Prevalent
15% of companies interviewed had experienced insider sabotage, which is not surprising considering that over one-third of IT staff report using administrative passwords to snoop around corporate systems. Even worse, such snooping can turn ugly when IT workers feel disgruntled or aggrieved, and especially after they’ve been fired. According to a recent study by Carnegie Mellon University, the most common insider attack is by a disgruntled IT employee using anonymous access from a privileged account.