Half of servers have more than 30 users with default passwords, says IBM

Servers

by CBR Staff Writer| 16 May 2014

Study of servers audited by PowerTech shows firms failing to get the basics right.

Half of servers have more than 30 users whose passwords are set to the defaults, according to a study from IBM.

The computing multinational studied data from over 200 audited servers and partitions, finding that 39% do not require users to have a digit in their passwords, with a quarter of the systems never requiring that users change their login credentials.

PowerTech's Robin Tatam, director of security technologies and author of the study, said: "Many organisations focus on external threats, but current and former employees are often responsible for data loss or theft, whether intentionally or not."

The study found one of the servers had recorded more than two million sign-on attempts with a single profile, while in a system with almost 2,000 users only a hundred had changed their password from the default.

An average of 240 profiles had not signed on in the past month on each system, with 140 of those remaining enabled and ready for use. Only a third of servers studied had put an exit mechanism in place.

Almost all the systems studied failed to prevent users from accessing critical data, despite all systems having been audited by PowerTech's Compliance Assessment in 2013.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.
Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.