Cyber-Ark Software, the information security software company that develops and markets digital vaults for securing and managing highly-sensitive information within and across global enterprise networks, today announces the surprising results of its 2006 Privileged Password Survey. Privileged passwords are the non-personal passwords that exist in virtually every device or software application in an enterprise, such as root on a UNIX server, Administrator on a Windows workstation, and Cisco Enable on a Cisco device.
A surprising set of statistics
Completed by more than 140 IT professionals, the 2006 Privileged Password Survey reveals that privileged passwords are far more common in enterprises than previously thought: approximately one-half of all enterprises contain more privileged passwords than individual ones. Second, although these privileged passwords provide ìsuper-userî system access, the survey exposes that up to 42% are never updated, a frightening prospect in todayís environment of increased audits and hacker attacks. In fact, half of the IT professionals surveyed reveal that theyíre concerned about audits, and 6 out of 10 state that their organization has been hacked.
Often, the reason privileged passwords are rarely updated is a simple one: many enterprises still manually change these key passwords and as one IT Executive from a Fortune 500-sized company states: ìmanually changing thousands of passwords across hundreds of databases is simply impractical.î
Approximately half of all enterprises have more privileged passwords than personal ones
According to the 2006 Enterprise Privileged Password Survey, the typical enterprise contains:
More than 500 employees, and each employee has an Administrator account associated with their workstation (72%)
More than 500 servers with privileged password accounts (44%)
More than 100 routers with privileged password accounts (41%)
More than 100 software applications (71%), most of which connect with other applications (92%)
ìOften organizations believe that because they have a small number of IT administrators, they canít have many privileged passwords,î says Adam Bosnian, Vice President of Products, Strategy and Sales for Cyber-Ark Software. ìThe truth is that privileged passwords come pre-loaded onto virtually every piece of hardware and software in an enterprise and are therefore extremely common. Simply put, these super-user passwords are the keys to your kingdom, and yet they are often left unguarded.î
Privileged passwords are more powerful but less likely to be changed
Although privileged passwords provide ìsuper-userî access to a target system, the survey shows they are far less likely to be updated. Respondents report that 99% of individual passwords are updated, however for privileged passwords:
13% of ROUTER privileged passwords are never changed
21% of LOCAL WORKSTATION privileged passwords are never changed
13% of SERVER privileged passwords are never changed
42%of SOFTWARE passwords are never changed
In many cases, these passwords are never changed because organizations still manually update them, a time-consuming process. As an IT Executive at one Fortune 500-sized company explained: ìVirtually every server, router, and application in our enterprise has a number of Privileged Accounts. Of course, we have to regularly change the Privileged User Passwords for these powerful systems, however, manually changing thousands of passwords across hundreds of databases is simply impractical.î
A major risk for hacker attacks and failed audits
The survey not only revealed that privileged passwords are rarely changed, it also supports that this is a dangerous practice in todayís environment of hacker attacks and increased audit pressure. For example, in survey results:
6 out of 10 enterprises report being hacked
9 out of 10 enterprises state theyíre annually audited for IT practices
Half of all IT professionals are often or always concerned about passing audits
ìOf course, having unsecured privileged passwords is an unnecessary risk,î says Adam Bosnian, Vice President of Products, Strategy and Sales for Cyber-Ark Software. ìThere are proven software applications available today that automatically update privileged passwords across all enterprise systems, including routers, servers, workstations and software applications. Cyber-Ark is proud to offer the Enterprise Password Vault as the award-winning solution for managing, securing, auto-updating and logging all activity associated with privileged passwords.î
For more information on managing these privileged user passwords and for the full results of this survey, visit www.cyber-ark.com/survey.asp
Survey uncovers that one-half of enterprises have more administrative passwords than individual ones
Survey uncovers that one-half of all enterprises have more administrative passwords than individual ones... and up to 42% of these super-powerful passwords are never changed
