Every year, World Password Day reminds businesses that, with the risk of cyber attacks ever rising, watertight password security needs to be a priority. ‘Pet-name’ passwords will no longer cut it. Instead, companies must take simple steps like educating staff and using new technologies to avoid serious data breaches.
With that in mind, we spoke to security experts to get their insights into how professionals can protect their data from cybercriminals.
Modern technologies protect your weakest link
Creating a ‘strong’ password is no longer the only way to practise good cyber hygiene. There are gaps in the traditional system that can be closed if cyber security teams make the right choices. For example, Jasson Casey, CTO of Beyond Identity, points to multi-factor authentication.
“Passwords can be guessed or obtained through social engineering tactics or easily stolen while they are unencrypted. The fact is, there is no such thing as a ‘strong’ password. This is only important if the adversary has to unencrypt passwords”, he says.
“Passwordless, phishing-resistant multi-factor authentication significantly reduces risks that come with passwords, making it virtually impossible for attackers to gain access through traditional methods. Organisations don’t have to compromise their security or convenience. Today they can switch to a modern, secure, phishing-resistant MFA that leverages the combination of biometrics and Passkeys based on the Fast Identity Online (FIDO) standards”.
“Overall, 39% of people have had their password compromised in the last five years, showing that we must be more consistent with password security”, adds Node4’s Practice Director, Andy Bates.
“Use World Password Day as a reminder to change your passwords, utilise MFA and protect your personal information, but I believe this should be the last one of its kind – Multi-Factor Authentication Day is the way forward”!
Ian Leysen, CEO, CSO, and Co-Founder of Datadobi, agrees, and emphasises that passwords alone cannot be the way forward: “World Password Day serves as an important reminder to individuals and businesses alike about the critical importance of password security in protecting sensitive data. World Password Day is also a reminder that as the frequency of data breaches and cyber-attacks continues to rise, we cannot rely on passwords alone.
“Combining strong passwords with data governance policies and a technology solution to enforce those policies is an unbeatable approach to data protection and security.”
The individual’s contribution
Day-to-day practices can make a significant difference to password security. Every company should have plans in place to educate new and existing employees on the importance of establishing and maintaining good password habits.
“While employees are usually discouraged from re-using the same passwords across multiple apps and websites, many organisations have become complacent in enforcing such rules, particularly since the explosion of remote working caused by the pandemic”, highlights Christopher Rogers, Technology Evangelist at Zerto.
“Taking advantage of this, credential reuse or ‘stuffing’ is when cybercriminals gain access to a set of valid credentials (usually via a data breach) and then use bots to try those same credentials across hundreds of other online accounts. If the credentials have been re-used anywhere, credential stuffing will expose this, giving those same criminals legitimate access to other accounts as well”.
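A defender's view of the pattern described above, as an added example that is not part of the original article: it scans login events for one source trying many different accounts with mostly failed attempts, and lists any accounts that still logged in successfully during that burst, since those are the reused credentials that need a forced reset. The log format, the thresholds and the sample addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): time, source IP, username, outcome.
SAMPLE_LOG = """\
2024-05-02T09:00:01Z 198.51.100.7 alice FAIL
2024-05-02T09:00:02Z 198.51.100.7 bob FAIL
2024-05-02T09:00:03Z 198.51.100.7 carol OK
2024-05-02T09:00:04Z 198.51.100.7 dave FAIL
2024-05-02T09:00:05Z 198.51.100.7 erin FAIL
2024-05-02T09:00:06Z 198.51.100.7 frank FAIL
2024-05-02T09:03:10Z 203.0.113.20 grace FAIL
2024-05-02T09:03:25Z 203.0.113.20 grace FAIL
2024-05-02T09:03:40Z 203.0.113.20 grace OK
2024-05-02T09:10:00Z 192.0.2.44 heidi OK
"""

def parse(log):
    """Yield (timestamp, ip, username, succeeded) for each log line."""
    for line in log.splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome == "OK"

def find_stuffing(log, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.7):
    """Map each suspicious source IP to the accounts it logged in to successfully.

    A source is suspicious when, inside one sliding time window, it tried at
    least min_users distinct usernames and at least min_fail_ratio of those
    attempts failed. One user mistyping a password never reaches min_users.
    """
    by_ip = defaultdict(list)
    for event in sorted(parse(log)):
        by_ip[event[1]].append(event)
    findings = {}
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            users = {u for _, _, u, _ in burst}
            fails = sum(1 for *_, ok in burst if not ok)
            if len(users) >= min_users and fails / len(burst) >= min_fail_ratio:
                hits = {u for _, _, u, ok in burst if ok}
                findings.setdefault(ip, set()).update(hits)
    return {ip: sorted(users) for ip, users in findings.items()}
```

On the sample data only the first source is flagged, and the one account it reached is the candidate for an immediate password reset and session revocation.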
Leaseweb UK’s Managing Director, Terry Storrar, agrees that more can be done to avoid simple errors. “Away from the office, employees are now far more likely to practise poor cyber hygiene, for example connecting to unsafe networks, transferring work data to personal devices, or sharing unencrypted files. And threat actors are relentlessly taking advantage of these vulnerabilities”.
“However, as concerning as these practices are, they are often relatively simple to fix. The simplest way we can do this is by developing good daily routines that work to manage the most common cybersecurity risks facing our organisations. Examples of this include keeping software up to date, backing up data, and maintaining good password practices. At the end of the day, lack of education and human error are two of the largest contributors to data breaches. Businesses need to start implementing more safeguarding protocols and make cybersecurity training not just accessible for all employees, but a basic part of onboarding”.
Tricks of the trade and how to block them
Cybercriminals are innovative and creative, but they are not invincible. Keeping up with the new methods and technologies that are being used against companies is vital to ensuring that they can be recognised – and fought. Furthermore, investing in the best cybersecurity tools will give organisations a better fighting chance.
Tom Ammirati, CRO at PlainID, emphasises that identity-focused cyber security is the key to eliminating easy routes for cyber attackers. “Security risk vectors are dynamic and fluid, and as a result, data breaches continue to challenge even the most resilient of enterprise architectures. To keep pace with the demands of digital work and life, organisations are implementing next-level technologies, processes, and policies to ensure that trusted identities have authorised access to digital assets. The goal is to allow the ‘right’ users to have access to the ‘right’ resources – and ensure the wrong ones don’t. If we can do that, then potentially we can prevent many of these breaches”.
Exabeam’s CISO, Tyler Farrar, highlights further risks that companies need to take into account. “Individuals should make sure to take steps to protect personal hardware. Adversaries can install a keylogger, a program that records every keystroke made by a computer user, without detection. When a keylogger is installed, an attacker can see every keystroke and if a user is entering a customer’s master password the attacker then has the keys to the kingdom, so to speak. Taking small steps like installing antivirus software can help avoid this scenario”.
Passwords must be considered a first line, not the only line, of defense, adds Don Boxley, CEO and Co-Founder of DH2i. VPNs and Software-Defined Perimeters (SDP) are gaining popularity, he says. “World Password Day is a day to acknowledge the pivotal role that passwords play in our digital lives. It is also a day that reminds us how prevalent cybercrime has become. Bottom-line, bullet-proof passwords combined with SDP provide unparalleled security to eliminate cyber threats.”
To sum it all up, in the words of Steve Santamaria, CEO of Folio Photonics: “Cybercrime is a growing threat to individuals and businesses alike. So, if you’re not taking cybersecurity seriously, it’s time to wake up and smell the coffee. The threat of cybercrime is real and growing. If you don’t take steps to protect your digital presence, you could be the next victim. Use World Password Day as a reminder to take action and employ multiple layers of protection to safeguard your digital assets.”
Time for change
Intelligent password and verification practices are well-known and widely shared; businesses can no longer excuse poor password security. Cyber attacks can bring severe financial losses and reputational damage, but it is within a company’s control to prevent these serious breaches. This year, be inspired by World Password Day and take the steps to motivate change – you won’t regret it!
Image credit: Guardian