How much will you give me for this password?
Over and over we say that the weakest link in the chain of information systems security is “people.” Social engineering is truly an effective way of gaining access to sensitive systems and data.
This morning I was listening to the news and was shocked to hear a piece about the willingness of employees to sell their passwords giving access to employer’s computer systems. I traced down the article and was surprised to learn the pervasiveness of this problem.
In a survey by Sailpoint, it is said that one in five employees globally are willing to sell their access passwords to an outsider. Evidently this is up from one in seven, just last year. In the US, 27% of employees surveyed said they’d sell their passwords, some for the price of a dinner. The global average quoted price to sell a password was $82,000.
While security awareness training is indeed a difficult thing to do, the survey results referenced here speak to an even deeper problem. Have a look at the report to see how this breaks down by country surveyed. An info-graphic with the highlights can be found here.