Intelligent CISO Issue 08 | Page 27

DO BUSINESSES AND ORGANISATIONS NEED TO DO MORE TO STRENGTHEN PASSWORD SECURITY? L astPass by LogMeIn, a leader in password management, has released its 2018 Global Password Security Report, revealing true password behaviours in the workplace and creating a benchmark that businesses can use to measure progress when investing in password security tools. The global report, which analysed anonymised data in more than 43,000 companies of all sizes, industries and geographies using LastPass as their business password manager, draws a precise picture of password management for the business IT community. achieving comparable (or even superior) average security scores: • • • • • Two benchmark scores are highlighted in the report: The LastPass Security Score and the LastPass Password Strength Score. Data from the report reveals that while businesses are making strides in strengthening password security, there’s more work to be done – with the average password security score of organisations found to be 52 out of 100. “Security professionals often fail to consider the value of the first factor of enterprise authentication – the password. Despite the sophisticated security measures enterprises are putting in place, something as fundamentally simple as a password is tripping them up,” said Frank Dickson, Research Vice President, Security Products at IDC. “Having a security benchmark such as what LastPass has provided with this report will help enterprises quantify their www.intelligentciso.com | Issue 08 Banking: 49 Health: 49 Insurance: 47 Retail: 48 Government: 49 Multi-factor authentication is gaining in popularity password risk, compare how they stack up to enterprises of similar size and gauge the effectiveness of their enterprise password management deployment.” Additional key findings include: Technology industry is leading the pack in password security The highest average security scores are in the technology industry (53). This is not surprising due to the privacy and data laws with which most must comply. What is surprising, is that heavily- regulated industries like banking, health, insurance and government are not As concerns about password security grow, multi-factor authentication is an increasingly-favoured way to protect an organisation. A total of 45% of businesses use multi-factor authentication, which represents a significant increase from last year’s 24.5%. Again, the technology sector leads the pack with 31% adopting multi-factor authentication. Whether it’s a greater awareness of available options or a stronger culture of security, organisations in the technology sector are prioritising extra protection. • • • • • Banking: 16% Health: 3% Insurance: 3% Retail: 13% Government: 2% 27