The 2023 data from Enzoic for Active Directory Lite (also known as Enzoic for AD Lite) data from 2023 offers a revealing glimpse into the current state of cybersecurity, highlighting a significant increase in risk factors that lead to data breaches. This article seeks to provide a benchmark based on Enzoic’s audit of nearly 6000 corporate domains, with data derived from a large sample of Active Directory environments where users’ credentials were securely scanned using Enzoic for Active Directory Lite. The free password auditor has been at the forefront of monitoring and analyzing user data to identify vulnerabilities and trends within environments that can inform better security practices. In 2023, our data revealed insights that are crucial for understanding common risk factors organizations are currently seeing.
What is Enzoic for AD Lite?
Enzoic for AD Lite is an innovative, cost-free tool designed to seamlessly integrate with an organization’s Active Directory environment. This tool provides invaluable insights into various aspects of user account security, helping organizations to identify and address potential vulnerabilities effectively.
What Data Points Does Enzoic for AD Lite Show You?
Key Findings in 2023 Data
The analysis of 2023 data from over 8 million user accounts scanned by Enzoic reveals a concerning pattern: nearly 15% (1.2MM) of accounts were found to be using unsafe passwords (compromised or weak passwords). This finding is a reminder of the ongoing battle against data breaches and the need for organizations to continually monitor passwords in their environment for compromise as recommended by NIST. This significant figure stresses the prevalence of compromised passwords as a leading cause of data breaches, as reported by industry giants Verizon and IBM.
One notable trend is the persistent increase in users with duplicate passwords, at nearly 30% of all users scanned. This may be attributed to administrative oversight, such as setting a default password without enforcing a change. Such practices can create significant security gaps, increasing the chances of account compromise and lateral movement in an environment.
Another concerning observation is that roughly 10% of users scanned in 2023 had expired passwords. This points to a gap in enforcing or following existing organizational policies. It’s a clear indication that despite having policies in place, their implementation and adherence remain a challenge.
In 2023, we introduced the tracking of stale accounts and uncovered over 1.1 million such accounts. These inactive but potentially exploitable user accounts increase an organization’s attack surface. They represent a hidden danger, as they can be accessed by former employees and lack user interaction for password changes in response to compromise or policy updates. This aligns with Microsoft’s data which states that over 10% of Active Directory accounts are stale.
Alarmingly, the average number of users without passwords per domain surged from virtually none in previous years to thirteen in 2023. This represents an open invitation to unauthorized access, highlighting a critical area of vulnerability that needs immediate attention.
Industry Trends and the Cybersecurity Talent Shortage
Overall, there has been a consistent rise in the number of users with compromised or weak passwords, reaching an average of 199 per domain in 2023 compared to 192 per domain in 2022. This increase underscores the need for stronger password policies and more stringent security practices. Measures like prohibiting the use of passwords that are compromised or commonly found in cracking dictionaries are essential steps in mitigating this risk.
Interestingly, the trends in compromised and unsafe passwords mirror broader industry patterns. The cybersecurity talent shortage, particularly evident in the ‘Great Resignation‘ among CISOs may be contributing to these lapses in security. This suggests that the shortage of skilled cybersecurity professionals is leaving organizations exposed to risks, leading to outdated policies and unaddressed stale accounts. Therefore, it is crucial for smaller security teams to employ tools that can efficiently pinpoint weaknesses in their systems.
Strengthening Your Defenses
Enzoic for AD Lite is a critical tool in highlighting an organization’s risk level. The findings reveal a worrying rise in account-related risks and weak security practices, translating these risks from mere statistics to tangible threats across various organizational sectors. The increase in duplicate passwords and the alarming number of accounts without any password security, combined with over a million stale accounts, underscore the need for stronger cybersecurity measures across all industries. These issues, exacerbated by broader challenges like the cybersecurity talent shortage, demonstrate the necessity for tools like this to help organizations easily identify gaps in their environment. Its capabilities in identifying compromised, weak, and shared passwords, along with accounts that have security oversights, make it an indispensable part of any cybersecurity tool stack.
Download Enzoic for Active Directory Lite today to immediately gain crucial insights into your environment’s security status against vital risk factors.
Josh is the Product Marketing Manager at Enzoic, where he leads the development and execution of strategies to bring innovative threat intelligence solutions to market. Outside of work, he can be found at the nearest bookstore or exploring the city’s local coffee scene.