News
Insecure password practices in UK workplaces equals attacker opportunity
October 2023 by CyberArk
Poor password security is continuing to put UK businesses at risk, according to 2023 research from CyberArk. High-profile cyberattacks using stolen or leaked employee logins to breach and hijack entire IT systems are on the rise, but 55% of UK workers still use insecure practices to keep track of their credentials.
The company’s 2023 Identity Security Threat Landscape Report, which examines the evolving cyber threat landscape, reveals that sub-standard password security controls continue to provide an easy access point for attackers, with 79% of UK security professionals voicing increasing concern with security incidents involving standalone password managers. Over half (58%) also admit that current processes and technologies aren’t adequately securing the most highly sensitive access for employees.
Cyber attackers are well aware of vulnerabilities in this area: recent high-value crypto heists were tracked back to leaked credentials from a large-scale password manager tool breach in 2022, while logins make up almost 90 percent of goods and services for sale on dark web marketplaces. With 29% of UK employees having access to sensitive organisational data[1], this is clearly an issue.
“It’s a tough time for UK businesses; amid an economic downturn, a continued cyber skills gap and long-term political instability, threat actors are continually innovating to cause firms monetary and reputational damage,” said Rich Turner, President, EMEA at CyberArk. “The exploitation of stolen, neglected or forgotten staff credentials clearly leads to heightened cyber risk for firms, so it’s heartening to see that eight out of 10 UK businesses are exploring ways to up their password security game in the coming year[2].”
Turner concludes: “While the implementation of multi-factor authentication systems, the influx of biometric tools and a move towards ‘passwordless’ all signpost the industry’s effort to enforce robust, context-aware employee identification methods, we need to continue working to overcome vulnerabilities brought on by using security tools – often designed for consumers – that are out of place in the modern, complex enterprise.”
“Employee passwords are a tempting target for attackers because so many of us have access to sensitive data. IT and security teams should consider a security-first approach to storing workforce credentials, and adopting enterprise-grade protection to spot, block and prevent identity-related threats while they’re still in their infancy.”
The CyberArk 2023 Identity Security Threat Landscape Report represents the findings of a worldwide survey across private and public sector organizations of 500 employees and above. It was conducted by market researchers Vanson Bourne amongst 2,300 cybersecurity decision makers. Respondents were based in Brazil, Canada, Mexico, the US, France, Germany, Italy, the Netherlands, Spain, the UK, Australia, India, Israel, Japan, Singapore and Taiwan. This media alert focuses on the UK findings.
