Credential security leader Dashlane today published its inaugural State of Credential Security Report, revealing the evolving credential security challenges and threats that businesses face in the age of AI. Based on a survey of 500 U.S.-based IT decision makers and 1,000 U.S.-based workers, the findings bring to light the growing burden that credential-related issues such as shadow IT and phishing are having on employees and admins.
Also Read: The Arbitrage Opportunity of Small Language Models: Unlocking AI Efficiency and Performance
Nearly two and a half years since OpenAI released ChatGPT as a free “research preview” in 2022, it’s evident that AI has accelerated productivity and ultimately business growth potential. At the same time, the report highlights its direct impact on the risk facing enterprises — a majority (74%) of IT leaders feel that AI poses an increased threat to password security, and 60 percent of employees agree. More than 80 percent of organizations have observed an increase in the volume and sophistication of phishing attacks.
“Enterprises find themselves at a pivotal juncture in managing the intersection of AI and people that is having downstream impact on business productivity and security,” said Frederic Rivain, Dashlane Chief Technology Officer. “Employees are enticed by loads of new AI apps and tools, and at the same time, face highly customized and sophisticated phishing attacks that can fool even the most seasoned security professional, increasing the risk of a credential-related breach.”
The resulting operational burden on IT admins and workers
Despite efforts by businesses, the report found that traditional approaches to credential security are proving in-effective:
- Nearly 40 percent (39%) of employees say that they’ve had to deal with phishing scams at work.
- Nearly all (96%) of IT leaders said they still deal with credential-related issues, including forgotten passwords or resets (73%) and employees creating weak passwords (70%).
- Half of users (50%) are still sharing passwords through insecure methods, like email or Slack.
Security training can do only so much. According to the report, only 45 percent of employees receive ongoing security awareness training, and for those that do, they would go to extreme lengths to avoid it — one in five (22%) admit they would rather be stuck in rush-hour traffic, and one in ten (11%) prefer a root canal.
SSO is not enough to curtail the growth of shadow IT
According to the report, single sign-on (SSO) has been unable to keep up with the growth in unmanaged applications used for corporate purposes. Nearly 40 percent (39%) of employees are using apps not managed by their company on work devices, creating a cohort of “shadow credentials” that enterprises typically lack visibility and control over.
Also Read: Ensuring High Availability in a Multi-Cloud Environment: Lessons from the CrowdStrike Outage
At the same time, IT leaders estimate that, on average, 37 percent of their corporate apps are not behind SSO — a number that is poised to increase against the proliferation of AI-based apps and tools that are becoming available.
Passwordless in the not-too-distant future
When looking ahead, there is a growing optimism around the promise of a passwordless workplace, with more than three quarters (76%) of IT leaders saying their C-Suite is pushing for passkey adoption. In a similar vein, 77 percent believe that passwordless technologies will be common practice within the next three years.
“The path forward for securing credentials combines passwordless with an integrated approach to detection, response and protection, rooted in ease of use,” adds Rivain. “At a time when AI has lowered the barrier to entry to effectively attack users, we need to make it easy for businesses to empower their employees to become their company’s greatest security asset.”
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
