If the findings of a recent survey by Quocirca are to be believed, nearly 50 percent of organisations in Europe that claim to have attained the ISO 27001 standards are apparently sharing their privileged user accounts and are not following other standard guidelines.
The survey, based on a sample of 270 European IT managers including 45 from the United Kingdom, has raised serious questions about data security in organisations.
It has been reported that nearly 47% of firms in the United Kingdom claimed to follow the specified ISO standards, while 41% of these organisations said they were also using several non-compliant practices.
European data is at high risk because of poor and fraudulent practices, which include the use of default usernames and passwords, failure to monitor users, and lax oversight of which privileged accounts exist.
What is more surprising is that 29% of UK firms rely on manual control of privileged users (a category that includes personal users, system administrators and application service users), while only a quarter use privileged user management software that helps enforce and track business policies.
To secure the data held by an organisation, the study highlights the urgent need to introduce individual accountability, secure log files and follow a privileged user management process.
Quocirca's survey results are worrying indeed and show how difficult it is to educate senior management and those in power. Apart from the insider threat, there is also the possibility that failure to respect simple security procedures (such as using strong passwords) could allow outsiders to bypass security perimeters altogether.