Research issued by SailPoint Technologies with its annual Market Pulse Survey included findings that:
a) one in five employees surveyed would sell their security passwords for the right price,
b) 65% of respondents used a single password across multiple applications,
c) one in three employees purchase SaaS applications without informing IT,
d) 84% worry their personal info is being shared, and
e) 40% have access to applications after leaving their jobs.
IT security experts respond:
Tim McElwee, President, Proficio:
“This recent research underscores the need to monitor the behavior of employees, including who is accessing what systems and how the credentials are being used – even from existing employees. 24×7 security event monitoring is increasingly a must for all organizations wishing to protect critical data. Very large organizations can afford to build a Security Operations Center (SOC) and operate SIEM software, and most others increasingly turn to MSSPs to achieve the level of monitoring needed to secure the enterprise.”
Craig Kensek, Security Expert, Lastline:
“This has been a problem for years with enterprises and probably won’t go away any time. MFA could help solve this problem, or evolving away from passwords to other technologies such as biometrics may be the solution.
“The ‘20% would sell their passwords’ figure probably varies a lot by the level of the respondent within the organization. Selling passwords should be a reason for termination, and people leaving the organization should have their passwords terminated immediately. A solution that looked at the IP address of whoever was trying to log in could be a potential solution – it would trigger a response like: ‘Prove to me that you are the owner of this ID, since you’re based in Des Moines, Iowa and you’ve never logged in from an internet cafe in France at 3:00 in the morning before!’”
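
The location-and-time check described in the last comment can be sketched as follows. This is an added example, not code from SailPoint or the quoted experts. The function names, the sample login history, and the two-hour tolerance are assumptions made for illustration, and the location is assumed to have already been resolved from the source IP.

```python
from datetime import datetime

# Constructed sample history: (user, local timestamp, country, city).
# Assumption: the source IP was already mapped to a location by a GeoIP lookup,
# and timestamps are in the account owner's home time zone.
HISTORY = [
    ("jdoe", "2015-03-02T08:55", "US", "Des Moines"),
    ("jdoe", "2015-03-03T09:10", "US", "Des Moines"),
    ("jdoe", "2015-03-03T13:40", "US", "Des Moines"),
    ("jdoe", "2015-03-04T17:05", "US", "Des Moines"),
]

def build_baseline(events):
    """Collect the places and hours of day each account has logged in from."""
    baseline = {}
    for user, ts, country, city in events:
        profile = baseline.setdefault(user, {"places": set(), "hours": set()})
        profile["places"].add((country, city))
        profile["hours"].add(datetime.fromisoformat(ts).hour)
    return baseline

def assess_login(baseline, user, ts, country, city, hour_slack=2):
    """Return ("allow" | "step_up", reasons) for one login attempt."""
    profile = baseline.get(user)
    if profile is None:
        return "step_up", ["no login history for this account"]
    reasons = []
    if (country, city) not in profile["places"]:
        reasons.append(f"new location: {city}, {country}")
    hour = datetime.fromisoformat(ts).hour
    # Distance on a 24-hour clock, so 23:00 and 01:00 are two hours apart.
    gap = min(min(abs(hour - h), 24 - abs(hour - h)) for h in profile["hours"])
    if gap > hour_slack:
        reasons.append(f"unusual hour: {hour:02d}:00")
    return ("step_up" if reasons else "allow"), reasons

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for attempt in [("jdoe", "2015-03-05T09:30", "US", "Des Moines"),
                    ("jdoe", "2015-03-06T03:00", "FR", "Paris")]:
        print(attempt, "->", assess_login(base, *attempt))
```

A `step_up` result means the login should be challenged for additional proof of identity, such as a second factor, rather than rejected outright.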