The Root Causes of Compromised Accounts at the University

Abstract

Compromised usernames and passwords are a continuous problem that several organizations struggle with even though this is a known problem with known solutions. Passwords remain a problem for the modern University as it struggles to balance the goals of academic openness and availability versus those of modern cybersecurity. Through a case study, this paper researches the root causes of why compromised user accounts are causing incidents at a Scandinavian University. The applied method was root cause analysis combined with a socio-technical analysis to provide insight into the complexity of the problem and to propose solutions. The study used an online questionnaire targeting respondents who had their accounts compromised (N=72) to determine the probable root causes. Furthermore, the socio-technical approach consisted of the Security by Consensus model to analyze how causes interact in the system layers. We constructed a scoring scheme to help determine the plausible root causes of compromise, and here we identified password re-use across multiple sites (41.7%) as the most probable cause of individual compromise, followed by weak passwords (25.0%), malware infections (19.4%) and phishing (9.7%). Furthermore, the socio-technical analysis revealed structural problems, especially at the ethical-cultural and administrative-managerial layers in the organization as the primary root causes.