One in three networks has exposed passwords
Passwords are exposed in Group Policy Preferences in 32.2 percent of networks, according to new research, leaving them open to the risk of hackers traveling laterally through the network.
The study from identity and access specialist Preempt also shows organizations lack visibility and control when it comes to their passwords and privileged users.
Almost 97 percent of inspected enterprises revealed at least one security issue, whether in Active Directory or in password policies, while 72.2 percent had 'stealthy admins' -- users with excessive administrative privileges that could be used or manipulated by malicious actors.
"While cybersecurity spending is at all-time highs, our research finds the vast majority of organizations are vulnerable to hacking via brute force password attacks, compromised user credentials, and other common tactics," says Ajit Sancheti, Preempt's co-founder and CEO. "Compromised credentials were responsible for 81 percent of hacking-related breaches last year, and our research suggests this will potentially worsen unless enterprises prioritize password best practices, as well as visibility and control around privileged users."
The study is based on data from Preempt's free-to-use Inspector application. Among its other findings is that the bigger an organization is, the more secure its passwords tend to be. Preempt Inspector was able to crack 8.7 percent of passwords in large organizations (over 1,000 employees), compared with 10.3 percent in medium organizations (100 to 1,000 employees) and 16.78 percent in small organizations (fewer than 100 employees).
Password quality is best in the US, and Europe does better than the rest of the world: researchers were able to crack 6.3 percent of US passwords, compared with 11.74 percent of passwords in Europe and 17.86 percent of passwords from other regions. There are wide variations in policy, however, with only five percent of all networks having a strong password policy, while 23 percent of networks have a very weak password policy.