27 Percent of U.S. Employees Would Sell Their Passwords

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

According to the results of a recent survey of 1,000 employees at organizations with at least 1,000 employees, 20 percent of respondents said they would sell their passwords to a third party -- and 27 percent of U.S. respondents said they would do so.

The 2016 SailPoint Market Pulse Survey, conducted by Vanson Bourne, also found that among those who said they would sell their passwords to a third party, 44 percent would do so for less than $1,000.

Respondents were located in the U.S., the U.K., Germany, France, the Netherlands and Australia.

"One would think that as more breaches touched more people individually, they would be more vigilant about security processes," the report states. "But, in a stark contrast, it seems that while they expect their personal information's safety, when functioning as employees, these same users are practicing security incredibly ineffectively, leaving themselves and their employers exposed."

One third of respondents admitted having purchased a SaaS application without IT's knowledge, and 26 percent admitted having uploaded sensitive information to cloud apps with the specific intent of sharing that data outside the company.

More than 40 percent of respondents said they were still able to access a variety of corporate accounts after leaving their last job. In the U.S., 48 percent said they had been able to do so.

One third of respondents said they have been impacted on a personal level by recent data breaches, and 85 percent said they would react negatively if their personal information was breached at a company with whom they do business. Eighty-four percent of respondents are concerned that incredibly sensitive information about them is being shared.

Still, 32 percent of respondents admitted sharing passwords with their co-workers, and 65 percent admitted using a single password between applications.

A separate Lieberman Software survey of almost 200 attendees at the 2016 RSA Conference found that fully 53 of respondents think modern hacking tools could easily break passwords within their organizations, and 77 percent believe passwords are failing as an IT security method.

Thirty-six percent of respondents work in organizations where IT staff share the same passwords, and 55 percent make users change their passwords more regularly than they change administrative credentials. Ten percent of respondents admit to never changing administrative credentials, and 15 percent do so only once a year.

Forty-five percent believe that, despite all the security technology their organization has deployed, they're unprepared to defend against a cyber attack.

"Today's advanced threats can defeat the conventional perimeter security tools that organizations rely upon," Lieberman Software president and CEO Philip Lieberman said in a statement. "Once the attacker gets past the perimeter, all they need to do is compromise just one privileged credential to move from system to system on the network, extracting sensitive data along the way."

"This comes back to the notion that passwords are failing IT security," Lieberman added. "If organizations cannot secure the credentials hackers need to gain privileged access, the massive data breaches we keep reading about in the news are only going to increase."

Recent eSecurity Planet articles have examined 10 top password management solutions and offered advice on how to secure corporate data in a post-perimeter world.