Content, Content

95% of Orgs Lack ‘Strong’ Password Policy

Most organizations lack visibility and control relative to their passwords and privileged users, according to a study of more than 100 organizations conducted by identity and access threat prevention solution provider Preempt Security.

Key findings from Preempt's study included:

  • 97 percent of organizations had at least one security issue.
  • 72 percent had stealthy administrators, i.e. end users with excessive administrative privileges that could be used or manipulated by malicious actors.
  • 61 percent had more than one account with stealthy administrator privileges.
  • 32 percent of networks had some passwords exposed in their group policy preferences; any authenticated user could recover these passwords.
  • 23 percent of networks had a very weak password policy, and 5 percent had a strong password policy.
  • U.S.-based organizations ranked first in terms of best password quality, followed by European organizations.
  • Researchers cracked 6 percent of U.S. passwords, compared with 12 percent of passwords in Europe and 18 percent of passwords from other regions.
  • Researchers cracked 9 percent of passwords in large organizations (more than 1,000 employees), compared with 10 percent in mid-sized organizations (100 to 1,000 employees) and nearly 17 percent in small organizations (less than 100 employees).

Today's organizations require a proactive approach to cybersecurity, Preempt indicated. With an effective cybersecurity strategy in place, an organization – regardless of size or industry – can analyze its cybersecurity posture and prepare for cyber threats.

Introducing Preempt Inspector

Preempt today offers Preempt Inspector, a cybersecurity app that helps organizations identify password issues, stealthy administrators and other security issues.

Organizations can use Preempt Inspector to find out if their end users are leveraging passwords involved in a breach or password dictionaries, the company said. They also can automatically find stealthy administrators who are not part of an official administrator group and detect security issues on laptops and domain controllers.

Preempt Inspector is now available free of charge.

MSP Password Management Tools: Meanwhile, multiple software companies have introduced password management platforms for MSPs and MSSPs. The lineup includes such names as IT GlueMyki and Passportal, among others.

Additional insights from Joe Panettieri.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.

Related