Survey Reveals Scandal of Snooping IT Staff
Passwords Stored Insecurely

The survey also shows that the majority of companies mismanage the storage of administrative passwords by keeping them in unsecured locations and hence not controlling access to these critical codes. 57% of companies store their administrative passwords manually, 18% store them in an excel spreadsheet (which are notoriously insecure and easy to access), and 82% of IT professionals store them in their heads – hindering security efforts, business continuity, as well as the auditing, controlling and managing of passwords. In the event that the keeper of these critical administrative passwords is unavailable or loses the location of the passwords, it can cause massive disruption and hours of lost productivity.

In other words, don’t throw out any Post-It notes laying around the IT department… you may never get into your workstation again!

Insider Sabotage More Prevalent

15% of companies interviewed had experienced insider sabotage, which is not surprising considering that over one-third of IT staff report using administrative passwords to snoop around corporate systems. Even worse, such snooping can turn ugly when IT workers feel disgruntled, aggrieved and especially after they’ve been fired. According to a recent study by Carnegie Mellon University, the most common insider attack is by a disgruntled IT employee using anonymous access from a privileged account.

Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //