Employees would sell passwords for $150
SailPoint uncovered a widespread level of employee indifference towards protecting sensitive corporate data, including personal information of customers. In fact, an alarming number of employees surveyed admitted they would sell their passwords, some for as little as $150 U.S. dollars. These stats are based on a global survey of 1,000 employees at large organizations.
In addition to blatant sabotage, the survey also confirmed that employees are lax about password management in general. Specifically, 1 in 5 employees routinely share login information for corporate applications with other members of their team, which increases the potential that the passwords they sell might not even be their own.
Compounding the problem, 56% of respondents admitted to some level of daily password reuse for the corporate applications they access, with many as 14% of employees using the same password across all applications.
“Employees may have moved away from the post-it note password list, but using the same password across personal and work applications exposes the company,” said Kevin Cunningham, president and founder of SailPoint.
“Just think of the major breaches that occurred in 2014 requiring users to change their passwords on social media. If those were the same passwords being used to access mission-critical applications, it’s very easy for hacking organizations to take advantage and get into more valuable areas. The fact is that password reuse poses a significant risk to any organization – but the good news is that there are solutions that can quickly address the problem,” Cunningham added.
Today’s employees need to remember a dozen or more passwords, and are tempted to reuse the same one repeatedly, even if it eliminates the security benefits of having a password in the first place. Organizations recognize this and want to enforce better password management policies, but legacy password management solutions are too expensive and haven’t kept up with today’s business needs.