Recently, Israeli identity and access threat prevention solution provider Preempt, released research indicating enterprises remain vulnerable to exploits and breaches.
According to Preempt, almost one in three enterprises had exposed passwords in their Active Directory Group Policy Preferences. This renders them vulnerable to compromise or lateral movement attacks.
Additionally, they found a continued lack of visibility into their privileged identities and credentials. Only 5% of enterprises have a strong password policy. 23% had what Preempt determined to be a weak password policy. 72% had what Preempt referred to as “stealthy administrators”—users with excessive privileges.
As with any privileged access management abuse or cases of access creep, these stealthy admin accounts can become major targets for external hackers. In other cases, they could open opportunities for insider threats either by the credential’s owners or by other users through credential sharing.
Ajit Sancheti, Preempt Co-Founder and CEO, said in a statement: “While cybersecurity spending is at all time highs, our research finds the vast majority of organizations are vulnerable to hacking via brute force password attacks, compromised user credentials, and other common tactics.”
“Compromised credentials were responsible for 81 percent of hacking-related breaches last year, and our research suggests this will potentially worsen unless enterprises prioritize password best practices, as well as visibility and control around privileged users.”
Preempt found credential policies requiring 10 or more characters for their passwords were stronger in their overall privileged identity management position; however, only 5% of surveyed enterprises utilized this high-security password policy.
The study did discover password security tended to be stronger in larger enterprises. Preempt’s Inspector product could crack 9% of large-sized enterprise passwords, compared to 10% of passwords in medium-sized enterprises, and 16.8% of passwords in small businesses.
You read more about the identity and privileged user findings from solution provider Preempt here.
Latest posts by Ben Canner (see all)
- 4 Gartner Cool Vendors 2019: Identity and Access Management - May 20, 2019
- 6 Questions to Improve Your Identity Management Strategy - May 16, 2019
- The 10 Best Free and Open Source Identity Management Tools - May 15, 2019