Companies playing Russian roulette with customer data as 86% of sysadmins admit using basic access control security

Richard Parris, CEO and chairman of Intercede

Digital identity and credentials expert Intercede announced the results of research into how UK systems administrators, those who manage the operation of computer systems, or those who hold such assess rights are protecting and securing sensitive data within their organisations.

It revealed that 86% of those with systems administrator (sysadmin) level access rights are currently using only basic username and password authentication to access their companies’ IT systems on-site.

Perhaps in acknowledgement of the risks posed, 50% of the research respondents admitted that business user accounts in their organisations are ‘not very secure’. With 81% of hacking related breaches exploiting stolen or weak passwords user authentication is currently the weakest link in the security chain.

The potential for catastrophic impact on businesses, and more worryingly, the consequential impact on customers, is a major concern. The research, conducted by Vanson Bourne in July 2017, reveals some alarming results about how systems administrators are protecting access to core IT systems and turning a blind eye to the most basic security requirements.

Richard Parris, CEO and chairman of Intercede commented on the research: “Sysadmins effectively hold the ‘keys to the kingdom’, and relying on username and password authentication is a bit like relying on a basic Yale lock to secure your front door.

Even the least security conscious of us also bolt the door with a five lever mortice lock and many go much further. In today’s age of the hack, when compromised passwords are the root of the vast majority of security breaches, UK businesses clearly need to do much more – it isn’t simply their data that is compromised, it’s ours.”

Highlights from the research include:

    • 86% rely on username and password authentication when accessing their main business account on-site; 69% use complex passwords and 17% use simple passwords
    • Other methods for authentication on-site included virtual smart cards and PINs (6%) and biometrics such as a fingerprint or facial ID (2%)
    • When accessing business accounts off-site, just over half (54%) rely on username and password authentication – 48% use complex passwords and 6% use simple passwords
    • 58% of research respondents work for companies serving consumers
    • Basic username and password authentication on-site is common across markets, ranging from 82% in manufacturing to 92% in retail, distribution and transport
    • Username and simple password authentication is used by 38% of those with sysadmin access in the retail, distribution and transport sector

“It’s time businesses finally take security seriously and look at stronger methods of authentication to protect information. With the new General Data Protection Regulation (GDPR) due for adoption next year, businesses can be held criminally liable for failing to adequately protect customer data, with severe consequences for the bottom line and for corporate reputation. There’s no excuse for continuing to play Russian roulette with data and privacy.”

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow

Recent Articles

Mouser explores power behind AI at the Edge

Posted on: July 23, 2021

Mouser Electronics Inc. has released the third instalment of the 2021 series of its award-winning Empowering Innovation Together program. The series’ third installment dives deep into artificial intelligence (AI), through an engaging collection of video, long-form articles, blog and infographic content.

Read more

The value of analogue measurement

Posted on: July 23, 2021

Analogue measurement can define your upside. when you look at what you can achieve in a plant, you may be able to accomplish a lot with just simple digital sensors. You can tell when something switches state ( goes on and off), you know if things are running or not running, you can tell if

Read more