It’s World Password Day on 5 May and Business Reporter asked six leading experts for their tips on keeping cyber safe with strong passwords
World Password Day serves as a crucial reminder that as technology advances, so does the relentlessness and sophistication of threat actors, ransomware and cyber attacks. Indeed, with malicious actors constantly honing their craft and cyber-security incidents on the rise, the length, variety and frequency with which we update our passwords must progress at the same pace.
However, this isn’t always the reality. Patrick Beggs, CISO at ConnectWise, reflects: “In the early days of the world wide web, you were probably able to get away with a password as simple as ‘12345’. Times have changed since then, but humans remain predictable.
“Research has found that women typically include personal names in their passwords while men often use their hobbies. And experienced hackers also know the common vowels, numbers, and symbols that often appear in passwords.”
An evolving threat landscape
Sascha Giese, Head Geek at SolarWinds, notes, “while the worst of the COVID-19 pandemic is behind us, its impact on the world will continue to be felt for years to come.”
One of the changes we saw during these two years was the massive uptick in cyber attacks, with one report finding 62% of SMEs in the U.K. saw an increase in attacks during this period.
“With so many more people working remotely—and therefore outside of the relative security of their offices—every sector has seen cyber criminals attempt to take advantage,” Giese adds. “For the public sector, the risks of an attack are arguably higher than in the private sector, as public services from hospitals to transport could be shut down within minutes of a successful attack.”
“Cyber-security breaches are at an all-time high but there are three simple things we can all do to protect ourselves,” agrees Beggs. “First, prioritise length over complexity, because we aren’t very good at remembering complex passwords, and longer ones are more secure.
“Second, only use platforms with multi-factor authentication -- a password alone is not enough to protect you. And finally, never reuse. Most breaches happen when a password from one platform is used with another system that shares the same password.”
Let tech do the talking
Organisations continue to wrestle with the logistics and cyber-security implications of managing significant remote working deployments.
“We can all do ourselves a favour by utilising complex passwords, storing them appropriately, and backing them up with multi-factor authentication,” advises Andy Swift, Technical Director – Offensive Security at Six Degrees. “Use a reliable password manager and resist the urge to go back to using ‘Monday1’ for everything.
“And remember that no matter how complex your password is, it is still susceptible to a brute force attack unless it is backed up by multi-factor authentication. So whenever you’re accessing a web application, a VPN through a laptop at home, or any point of contact between the internet and your IT infrastructure, make sure multi-factor authentication is in place to minimise the risk of illicit access and data breach.”
“Reusing passwords can put you at risk of financial loss and identity theft, and it is a major cause of cyber breaches in the workplace,” Richard Barretto, Chief Information Security Officer at Progress, agrees.
“Password managers like LastPass, Dashlane and KeePass are must-have tools for everyone, helping to protect our passwords, and ultimately our digital lives. I don’t know any of my 100 passwords - neither should you. Mine are all stored in my password manager. I strongly recommend a password manager solution should be everyone’s first choice to generate passwords on your PC, Mac, and mobile devices.”
Gregg Mearing, Chief Technology Officer at Node4, adds, “regardless of the strength of the password, it should still be changed every couple of months and a two-step verification (2SV) - also known as two-factor authentication (2FA) or multi-factor authentication (MFA) - should be used where possible. This provides an extra layer of security so that, should your password be leaked in a data breach, access to your personal information is still denied.”
A cyber education
With just 17% of people changing their password every few months, education on password best practice is crucial for protecting personal information.
Neil Jones, Director of Cybersecurity Evangelism at Egnyte, urges: “Educate your users that frequently-guessed passwords such as 123456, password, and their favourite pets’ names can put your company’s data and their personal reputations at risk. Reinforce that message, by reminding users that passwords should never be shared with anyone, including your IT team.”
“Informing users about the dangers of social engineering and spear-phishing is also important,” adds Jones. “Remind users that unanticipated email messages, texts, and phone calls can be attempts to capture their login and password credentials. When proper login credentials are entered, malware can be initiated that will place your organisation at risk of an even wider and more destructive cyber attack.”
Positively, Mike Hendrickson, VP of Tech & Dev at Skillsoft, reflects that “as the volume and severity of malicious attacks continues to rise, so is organisations’ and employees’ attention to training and learning. From 2019 to 2021, Skillsoft observed nearly a 60% increase in the total number of hours that enterprise learners are dedicating to security content consumption.”
Hendrickson concludes, “if we can continue this upward trend, we’ll all be better positioned to protect our information and prevent malicious activity damaging our personal and professional accounts.”