Enterprises lack confidence in their secret and password management
Many organizations have day-to-day SSO, identity, and even privilege solutions as part of their cybersecurity mindset and strategy. But an explosion of decentralized secrets and passwords outside the apps onboarded to identity and privileged access management solutions pose a big cybersecurity risk to businesses.
Don’t have time to read this entire survey? Download as a graphic
Download your exclusive copy of this guide to keep and refer to it. Or, if you're ready to dive in, continue your journey below.
Enterprises lack confidence in their secret and password management
Many organizations have day-to-day SSO, identity, and even privilege solutions as part of their cybersecurity mindset and strategy. But an explosion of decentralized secrets and passwords outside the apps onboarded to identity and privileged access management solutions pose a big cybersecurity risk to businesses. Each employee may have an average of 70 to 100 decentralized secrets and passwords that could be compromised, used to gain access and move throughout your organization or assist in an attack.
Pulse and Bravura Security surveyed 100 IT, security, and cybersecurity leaders to find out how organizations are ensuring loose passwords aren’t a loose thread in cybersecurity strategy.
Data collection: March 14 - April 3, 2022
Respondents: 100 security decision-makers
How poor password management leaves enterprises vulnerable
94% of leaders reported that they require password management training, some (63%) doing training more than once a year.
Diagram: How often do you require employees to complete password management training?
Despite organizations providing training, 46% of respondents said they primarily store passwords on shared office documents, which has been proven to cause data breaches and ransomware attacks.
Diagram: How do you primarily save and store your work-related passwords?
Current employees aren’t the only risk. Former employees can create just as many question marks without the proper controls. When asked about their confidence level that an employee could take enterprise passwords when leaving the company, only 5% of leaders were extremely confident that this wouldn’t happen.
Diagram: Are you confident that when an employee leaves your company they are not taking enterprise passwords with them?
Similarly, only 7% of leaders are extremely confident that they could transfer passwords and credentials, terminate access, and maintain business continuity if they needed to urgently terminate an employee.
Diagram: If you need to urgently terminate an employee, are you confident that you can transfer passwords and credentials, terminate access, and maintain business continuity?
29% of respondents report that their organization experienced an incident in the past year where they lost temporary access to product systems after an employee left the organization.
Diagram: Have you had incidents in the past year where an employee left the organization and organizational access to production systems was lost at least temporarily?
29% of respondents report that their organization experienced an incident in the past year where they lost temporary access to product systems after an employee left the organization.
Diagram: Respondent Breakdown
How loose secrets leave enterprises vulnerable
With 94% of leaders mandating password training and 46% indicating they store passwords in documents, it signifies that there is a mass failure to comply with password training. Why? The answer is because it’s human nature. Employees want to get to work, not spend their time managing an explosion of secrets and passwords.
Organizations can reduce their cybersecurity risk with an enterprise-grade password wallet or safe that is built for business. Giving employees a simple tool to securely generate, manage and share secrets and passwords that are ungoverned by SSO and privilege programs automatically puts best practices and password hygiene into practice so employees can get back to work.