World Password Day and the key to well-rounded data security

password2

On World Password Day, it’s important to reinforce strong password hygiene — a critical component to data security, but one that merely scratches the surface. 

Written by Sam Woodcock, Senior Director, Cloud Strategy at iland Cloud, part of 11:11 Systems

For all of those still securing important passwords on a Post-it note stuck to your monitor, today is for you. Since 2013, World Password Day — the first Thursday in May — has been used to spread awareness around better password habits.

In our increasingly cyber-first world, password security is paramount. Passwords represent critical gatekeepers of our digital identities, protecting valuable information for us, our businesses, our customers, and our employers. The increase in remote work over the last couple of years due to the coronavirus pandemic, along with today’s digital sprawl, makes it all the more important to adopt strong password hygiene and better data security habits overall.  While digital transformation initiatives have enabled us to digitise many facets of the business that were not previously digital, this has created a larger attack surface and more points of vulnerability.  It also makes it even tougher for users and IT security teams to manage these necessary passwords, leading to bad habits, data breaches, downtime, loss of systems and worse.

While we recommend the password strengthening strategies generally promoted on World Password Day — such as using unique, complex phrases, frequently changing passwords, and two-factor authentication — they are still, unfortunately, not enough to ensure data security, especially not for businesses or larger organisations.

 

No-Compromise Data Security

While maintaining strong, unique passwords is an important aspect of modern data security, it barely scratches the surface in terms of the IT protection your organisation will need in 2022 and beyond.

For example, a 2018 study found that 74 per cent of data breaches start with privileged credential abuse. Meanwhile, the frequency, sophistication, and impact of cyberattacks such as ransomware continue to skyrocket — since 2019 the average cost of downtime has increased by 94 per cent and that number is only expected to go up. Furthermore, according to Cybersecurity Ventures, ransomware is expected to attack a business, consumer, or device every 2 seconds by 2031, up from every 11 seconds in 2021. Global ransomware costs are expected to rise from $20 billion in 2021 to $265 billion by 2031.

Additionally, recent research from our partner, Veeam, found that three out of four organisations have been affected by ransomware and over half of those surveyed have dealt with at least two attacks in the last 12 months.  The research found a 93% increase in ransomware attacks, which means attacks have nearly doubled in 2021 compared to 2020, likewise more of these attacks are focusing on smaller businesses.

We have also seen discussions of attempts at social engineering via fun, viral social media trends and the use of seemingly harmless quizzes online such as the ‘find your Bridgerton name’ for data scraping which relies on taking advantage of people’s willingness to share, asking questions ranging from ‘what was your first pet’s name?’ to ‘what county you were born in?’ Due to the whimsical and apparently innocent nature of these trends and quizzes, threat actors use such tactics to seize the information that is often used to create passwords and reset them.

There is no way to guarantee total immunity to potential data breaches for your organisation. But taking the opportunity to discuss the usage of passwords is the starting point of data security, therefore, today’s organisations require a much more in-depth, holistic approach to security in order to stay protected.

In recent years, we’ve seen some of the biggest companies and governments fall victim, despite their best efforts. A prime example is Colonial Pipeline which paid hackers $4.4 million in ransom for a decryption tool that restored oil operations, despite FBI and Department of Homeland Security recommendations that companies avoid paying ransoms.

However, by planning, implementing, and testing an in-depth security strategy that is multi-layered, integrated, and ready, organisations can put up a formidable fight, while also drastically limiting the damage done by internal and external cyber threats.

Let’s all make sure that we all heed World Password Day this year and also make it a highly visible event for all our employees – and that it goes way beyond passwords but other security hygiene needs to be taken into consideration.