Survey says: 40% of organizations store admin passwords in a Word document

Kit McDonald

Security is always a cause of concern and Microsoft takes the threat of cyber attacks very seriously. That being said, even though organizations feel like they are more secure, it doesn’t always mean they necessarily are. According to a recent survey (via eSecurity Planet) sonsored by CyberArk and conducted by research provider Vanson Bourne, we have a little bit more insight to the thoughts behind cybersecurity.

The research was conducted with the help of 750 IT administrators and decision makers. Even though 79% of those polled were certain that they had learned lessons from major cyber attacks, that didn’t stop only 67% from feeling that their organization had a strong secure leadership. While that’s more than last year (at 57%), perhaps that extra 33% has a right to feel a bit insecure.

According to the study, 40% of organizations use Microsoft Word documents or a spreadsheet to store priveledges and administrative password. Another 28% uses a shared server or a USB stick. Furthermore, nearly half of responders admitted that they allow third-party vendors access to their internal network.

John Worral, CMO at CyberArk, shared his assessment of the findings in a public summary of the report:

The findings of this year’s Global Advanced Threat Landscape Survey demonstrate that cyber security awareness doesn’t always equate to being secure. Organizations undermine their own efforts by failing to enforce well-known security best practices around potential vulnerabilities associated with privileged accounts, third-party vendor access and data stored in the cloud. There’s a fine line between preparedness and overconfidence,” he said. “The majority of cyber attacks are a result of poor hygiene — organizations can’t lose sight of the broader security picture whilst trying to secure against the threat du jour.

Of course, when it comes to the risk of future attacks, the respondents shared that their priorities were skewed in favor of the global market with 58%. Cyber attacks that assaulted utility damages and civil services came in just below but still above half percentage.

At least the IT administrators have their priorities in line when responding to cyber attacks- for the most part. 70% replied that the primary goal during a cyber attack is to stop the breach and remove the attackers. Even identifying the source of the breach followed just behind removing the threat. However, just a few stragglers felt that notifying the organization’s leadership was the top priority.

Cyber attacks hit hard and fast. Hopefully, some of these survey findings will encourage businesses to reconsider their security measures and training. You can download the full report from CyberArk’s resources.