Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Cyber Security Awareness Month: Insecure password practices are a risk to Aussie businesses

Cyber attacks using stolen or compromised credentials are on the rise, but despite this, Australian workers continue to put their businesses at risk through lax password practices.

user icon David Hollingworth
Fri, 20 Oct 2023
Cyber Security Awareness Month: Insecure password practices are a risk to Aussie businesses
expand image

New research from CyberArk for Cyber Security Awareness Month has shown that an alarming 70 per cent of Australian workers are less than secure when it comes to passwords.

Even password managers may not be the solution. Ninety-four per cent of Australian security professionals are worried about standalone password managers and related security incidents.

On top of that, 69 per cent of security experts feel their own organisations are not doing enough to secure the highest levels of employee access. This is particularly worrying, given that 39 per cent of Australian employees have some form of access to sensitive information.

============
============

Employee turnover is also a problem, as far as Australian professionals are concerned. Seventy-one per cent of experts believe that staff churn will be the cause of some kind of cyber incident in 2023.

Thomas Fikentscher, regional director for ANZ at CyberArk, said the statistics paint a grim picture.

“As Australian organisations face an evolving threat landscape where threat actors are continually innovating to cause financial, operational and reputational damage, it is alarming to think the only thing standing between the attackers and their sensitive data and assets are passwords – and poorly protected ones,” Fikentscher said in a statement. “Password management must be dynamic to keep up with attackers’ innovation. The exploitation of stolen, neglected or forgotten staff credentials clearly leads to heightened cyber risk for organisations, so it’s heartening to see that almost all Australian organisations are exploring ways to up their password security game in the coming year.”

“While the implementation of multifactor authentication systems, the influx of biometric tools and a move towards ‘passwordless’ all point to the industry’s effort to enforce robust measures to prevent credentials breaches, most still lack controls and functionalities that enterprises need to secure end-user credentials,” Fikentscher added.

“Organisations must apply intelligent privilege controls to all identities – human and machine – with continuous threat detection and prevention across the entire identity life cycle.”

You can read CyberArk’s full 2023 Identity Security Threat Landscape Report here.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.