A fundamental lack of IT security awareness — particularly in the area of password control and privileged logins — is potentially paving the way for more waves of data breaches, new research reveals.

Conducted by the Lieberman Software Corporation, the Password 2011 survey paints a vivid picture of password chaos among IT professionals and a general apathy about password security among their senior management.

More than a quarter of the 300 surveyed IT professionals said they were aware of an IT staff member abusing privileged login information to illicitly access sensitive information. At the same time, nearly half of the IT professionals surveyed said they work at companies that are not changing their privileged passwords within 90 days — a violation of most major regulatory compliance mandates and one of the key reasons hackers are still able to compromise the security of large organizations.