CybersecurityIT organization surveys potential insider-threats

Published 22 February 2011

Employees are being overloaded with passwords; 10 percent of IT professionals are still able to access accounts from a prior job; 52 percent of employees admit that they have shared their work log-ins and passwords with other co-workers, and vice versa

Sharing passwords is a security vulnerability // Source: delawareareacc.org

Interviews conducted from 5 January 2011 to 18 January 2011 by Quest Software, Inc., an IT solutions organization, and Harris Interactive, a data collection company, show that employees are being overloaded with passwords and that 10 percent of IT professionals are still able to access accounts from a prior job. This residual access dramatically increases an organization’s risk of insider-threats. The surveying of 1,000 American white collar workers ages 18 and older and 500 IT decision-makers, aimed to explore current concerns and barriers felt by Americans around identity management and its effect on their ability to manage their personal and professional lives.

Key research findings include:

  • 52 percent of employees admit that they have shared their work log-ins and passwords with other co-workers, and vice versa.
  • One in four IT professionals spend more than thirty minutes per day logging into different Web sites and databases they need for work.
  • 65 percent of workers contact the help desk or IT department at least once per month when they can’t access a system needed for work.
  • 90 percent of IT professionals agree that companies need to do more to manage and protect users’ electronic identities.
  • 28 percent of workers say they have to remember more than five passwords just for work; 26 percent reported they have to change each password they need for work once a month, or more often

Quest offers services to mitigate the extent of “theft” of intellectual company property by employees, or the accessing of non-relevant information, by automating identity and access management (IAM) tasks and incorporates single sign-on capabilities to codeless provisioning, directory consolidation, password management, and privileged account management.