According to Enterprise Strategy Group, 63% of workers have reported using the same password for multiple work devices and/or applications. This just one statistic from ESG's upcoming 2019 Digital Work Trends Survey results.
Dave Gruber, ESG Senior Analyst explains why this is such a major problem: "Passwords continue to be the primary mechanism used for identity authentication. Credential theft is at an all time high with email-based phishing attacks topping the charts for the most heavily used method of fooling unsuspecting users." See the video here:
Gruber goes on to explain that it becomes very easy to fool users into entering their credentials on fake Office 365 login pages. Once the bad guys have those credentials, it can take just minutes for them to access other applications that use the same credentials and steal IP and other sensitive info.
So how can organizations prevent this problem? More user education is needed to help them understand the importance of good password hygiene. Organizations should also encourage their employees to use password managers rather than using the same password across many different accounts. New-school security awareness training can teach your employees about the ways they can be targeted by attackers and how to defend themselves and their organization.