Loose Network Security Policies Invite Insider Hacking

8:40 AM, Mar 18, 2013

Byron Acohido, USA TODAY


SEATTLE -- More evidence that opportunities abound for current or ex-employees with malicious intent to wreak havoc or steal data from their employers comes from authentication company OneLogin.

In a recent survey, OneLogin found that 43% of respondents admitted that employees manage passwords in spreadsheets or on sticky notes, 34% share passwords with their co-workers for applications like FedEx, Twitter, Staples and LinkedIn, and 20% experienced an employee still being able to log in after leaving the company -- which is what got suspended Reuters web editor Matthew Keys into so much hot water.

Keys was indicted on Thursday for allegedly conspiring with members of the hacktivist collective Anonymous to deface the website of his former employer. That was back in 2010.

Today, it turns out that most companies still don't take measures to secure passwords in an environment where rising use of Facebook, Twitter, YouTube and other social media is being widely integrated into business models.

"There's so much attention being paid to the threat of sophisticated cyber attacks, and here's yet another security breach that simply came down to bad password hygiene," says Thomas Pedersen, CEO of OneLogin. "There's absolutely no reason why a social media manager should know the user name and password for their company's own Twitter or Facebook account much less a production server sitting behind the corporate firewall."

Secure password handling technologies exist, but aren't yet pervasively adopted. One such system eliminates passwords and instead uses standards-based single sign-on such as SAML, which stands for Security Assertion Markup Language.

Another approach uses a password vaulting solution where the usernames and passwords are encrypted and hidden from employees. Such solutions "could have prevented this and so many other attacks we hear about every day," says Pedersen.

