UK companies playing Russian roulette with customer data

London, England/Washington DC, 23 August 2017 – Today, digital identity and credentials expert Intercede announces the results of research into how UK systems administrators, those who manage the operation of computer systems, or those who hold such assess rights are protecting and securing sensitive data within their organisations. It revealed that 86% of those with systems administrator (sysadmin) level access rights are currently using only basic username and password authentication to access their companies’ IT systems on-site.

Perhaps in acknowledgement of the risks posed, 50% of the research respondents admitted that business user accounts in their organisations are ‘not very secure’. With 81% of hacking related breaches exploiting stolen or weak passwords¹ user authentication is currently the weakest link in the security chain.

The potential for catastrophic impact on businesses, and more worryingly, the consequential impact on customers, is a major concern. The research, conducted by Vanson Bourne in July 2017, reveals some alarming results about how systems administrators are protecting access to core IT systems and turning a blind eye to the most basic security requirements.

Richard Parris, CEO and Chairman of Intercede commented on the research: “Sysadmins effectively hold the ‘keys to the kingdom’, and relying on username and password authentication is a bit like relying on a basic Yale lock to secure your front door. Even the least security conscious of us also bolt the door with a five lever mortice lock and many go much further. In today’s age of the hack, when compromised passwords are the root of the vast majority of security breaches, UK businesses clearly need to do much more – it isn’t simply their data that is compromised, it’s ours.”

Highlights from the research include:

• 86% rely on username and password authentication when accessing their main business account on-site; 69% use complex passwords² and 17% use simple passwords³
• Other methods for authentication on-site included virtual smart cards and PINs (6%) and biometrics such as a fingerprint or facial ID (2%)
• When accessing business accounts off-site, just over half (54%) rely on username and password authentication – 48% use complex passwords and 6% use simple passwords
• 58% of research respondents work for companies serving consumers
• Basic username and password authentication on-site is common across markets, ranging from 82% in manufacturing to 92% in retail, distribution and transport
• Username and simple password authentication is used by 38% of those with sysadmin access in the retail, distribution and transport sector

“It’s time businesses finally take security seriously and look at stronger methods of authentication to protect information. With the new General Data Protection Regulation (GDPR) due for adoption next year, businesses can be held criminally liable for failing to adequately protect customer data, with severe consequences for the bottom line and for corporate reputation. There’s no excuse for continuing to play Russian roulette with data and privacy.”