SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Insecure password practices pose risk to Australian businesses, CyberArk report shows
Tue, 31st Oct 2023

According to a research report from CyberArk, Australian businesses' poor password security is creating increased opportunities for cyberattacks. 70% of Australian employees frequently utilise insecure methods of tracking their passwords, potentially jeopardising security.

The company's 2023 Identity Security Threat Landscape Report, an investigation into the evolving cyber threat landscape, highlights that substandard password security controls offer easy access to attackers. It reveals that 94% of Australian security professionals are growing more concerned about security incidents involving standalone password managers. Over two-thirds (69%) confess that existing processes and technologies are not adequately securing high-sensitivity access for employees.

Cyber attackers are notably aware of these vulnerabilities and recognise the opportunity to exploit inadequately protected IT environments and credential access. With 39% of Australian employees having access to sensitive organisational data, and 69% claiming that maximum sensitivity employee access is not appropriately secured, the risks are clear.

Moreover, the escalating staff turnover rate is leading to an increased risk of insider threats, with over two-thirds (71%) of Australian organisations anticipating employee churn-related cyber issues in 2023.

Thomas Fikentscher, Regional Director ANZ at CyberArk, commented on the situation, stating, 'It's alarming to think the only thing standing between the attackers and their sensitive data and assets are passwords - and poorly protected ones. Password management must be dynamic to keep up with attackers. Stolen, neglected or forgotten staff credentials lead to heightened cyber risk for organisations. It's heartening to see that almost all Australian organisations are exploring ways to up their password security game.'

Fikentscher also pointed out the need for robust measures to prevent credential breaches. He mentioned the implementation of multi-factor authentication systems, the influx of biometric tools, and a move towards passwordless methods as significant efforts by the industry. He stressed the need for intelligent privilege controls for all identities and continuous threat detection and prevention across the entire identity lifecycle to secure end-user credentials.

He added, 'Employee passwords are a tempting target for attackers because so many of us have access to sensitive data. IT and security teams should consider a security-first approach to storing workforce credentials, adopting enterprise-grade protection to spot, block and prevent identity-related threats early.'