Recently, Israeli identity and access threat prevention solution provider Preempt, released research indicating enterprises remain vulnerable to exploits and breaches.
According to Preempt, almost one in three enterprises had exposed passwords in their Active Directory Group Policy Preferences. This renders them vulnerable to compromise or lateral movement attacks.
Additionally, they found a continued lack of visibility into their privileged identities and credentials. Only 5% of enterprises have a strong password policy. 23% had what Preempt determined to be a weak password policy. 72% had what Preempt referred to as “stealthy administrators”—users with excessive privileges.
As with any privileged access management abuse or cases of access creep, these stealthy admin accounts can become major targets for external hackers. In other cases, they could open opportunities for insider threats either by the credential’s owners or by other users through credential sharing.
Ajit Sancheti, Preempt Co-Founder and CEO, said in a statement: “While cybersecurity spending is at all time highs, our research finds the vast majority of organizations are vulnerable to hacking via brute force password attacks, compromised user credentials, and other common tactics.”
“Compromised credentials were responsible for 81 percent of hacking-related breaches last year, and our research suggests this will potentially worsen unless enterprises prioritize password best practices, as well as visibility and control around privileged users.”
Preempt found credential policies requiring 10 or more characters for their passwords were stronger in their overall privileged identity management position; however, only 5% of surveyed enterprises utilized this high-security password policy.
The study did discover password security tended to be stronger in larger enterprises. Preempt’s Inspector product could crack 9% of large-sized enterprise passwords, compared to 10% of passwords in medium-sized enterprises, and 16.8% of passwords in small businesses.
You read more about the identity and privileged user findings from solution provider Preempt here.
Widget not in any sidebars
Ben Canner
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
- The Best Biometric Authentication Software to Consider in 2024 - January 8, 2024
- The Best Privileged Access Management Providers for 2024 - January 1, 2024
- The Best Identity Governance Tools and Vendors in 2024 - December 31, 2023
