As we reflect on today’s celebration of World Password Day, the first Thursday in May, pay attention to the importance of safekeeping your data. According to industry reports, the number of cases of identity theft is increasing every year. The number of cybersecurity victims is estimated to be in the millions, with an economic impact in the billions. The impact on victims, their family and businesses are said to be more than monetary. It is emotional and psychological, and it frequently causes hardship and disruption and it frequently takes months to settle and restore order. Ransomware is a significant threat to companies around the globe. Apart from the high-profile breaches, many people now know someone whose business was targeted. According to a study, the majority of corporate targets are small and medium-sized businesses (SMBs), with 72 percent having fewer than 1,000 employees and 37 percent having fewer than 100.
“Over the past year, organizations and individuals have almost completely adapted to operating within a flexible—and highly distributed—virtual environment. However, even though organizations are more well-adjusted to this digital lifestyle, the use of cloud tools and applications are still major contributors to threats against an organization’s security infrastructure. Organizations’ security teams must remain vigilant. Ensuring that the correct individuals have visibility over network activity and can utilize remote access controls is critical. Organizations need to make certain that remote work nor the use of BYOD practices are allowing the exposure of sensitive company data. World Password Day serves as a great reminder that even though operations have been streamlined to accommodate the new world of work, user access/authentication and data protection are still very present security sensitivities that must be kept top of mind.” explained Lamont Orange, CISO, Netskope.
The scope of this type of cyber “thievery” is a relatively new phenomenon in today’s ever changing digital world and faster, more advanced processing speeds, but it has been around for thousands of years. In the Garden of Eden, the first case of identity theft was documented. The serpent was used by Satan to dupe Adam and Eve into believing that God was acting irrationally by refusing to allow them to eat from the Tree of Knowledge of Good and Evil. Discontent, jealousy, and envy drove Satan’s efforts, just as they do today’s con artists and hackers. The enemy’s strategy was built on deception, lies, and pretense.
According to Dirk Schrader, VP of Security Research at Netwrix, there are many means of authentication today and there is one for every use case: “We often hear about so-called ‘strong’ passwords and how difficult it is for cybercriminals to discover them or brute force them, based on their length and complexity. In the meantime, the prevailing sentiment in the cybersecurity space is that passwords are becoming a thing of the past due to the spread of multi-factor authentication (MFA) and implementation of biometrics as an access code.
One-time password via SMS is easily tolerated when it comes to a user’s personal bank account but becomes annoying if they need to verify their access rights this way 30 times a day. This is what we call cybersecurity fatigue. Passwords will therefore not disappear because of the human factor. They are here to stay for non-sensitive or, let’s say, not-that-sensitive accounts. IT teams shouldn’t neglect employee training to nurture the proper cyber hygiene among their fellow colleagues. Every user has to take the same precaution with passwords as with the keys to their home: do not share them, keep an eye on them, and change the lock in case of loss.”
“World Password Day is a time to stop and reflect on current password hygiene. Passwords remain one of the biggest cyber challenges for both consumers and businesses around the world as a poor password choice can make it extremely easy for cybercriminals to steal and spy on your data. As humans, we continually gravitate towards creating passwords that are easy to remember and simplistic. Incorporating a birthday or special date within a password is a common denominator, one that cybercriminals are all too aware of. Dangerously, we continue to leave it up to humans to create strong and secure passwords, despite the fact that most people have already been victims of borderline password disclosures from a person’s history of password choices.” cautioned Joseph Carson, chief security scientist and Advisory CISO at Delinea. “Having already had your previous password decisions and choices exposed means that an attacker can simply take that as the baseline and from there create variations of that. An effective password should include passphrases, a sequence of random words for added security. Regular consumers should consider deploying and utilizing a password manager to enhance and regularly rotate their log-in credentials.”
Consider the fact that what is secure today might not be secure tomorrow, therefore continuous security testing is essential. Hackers are always progressing and developing alternative techniques for breaching both new and old security systems. We take it for granted that our information will be safe until we are the victims of a breach. However, World Password Day serves as a timely reminder that we must be vigilant in protecting our passwords in order to prevent our most private and sensitive data from falling into the hands of the enemy.
Image licensed by pixabay.com