Website breaches, password dumps, passwords written on Post-It notes and stuck under keyboards. Yes, the latter still happens.
The commentary by Chern-Yue Boey, Senior Vice President, Asia-Pacific, SailPoint, for World Password Day is a timely reminder that vigilance is always needed.
With as many as 4,000 password attacks occurring per second globally, the vulnerability of user passwords has become more pronounced with a tenfold increase in attacks in the past year alone.
None of us is immune to breaches, sometimes through no fault of our own.
Despite years of industry discourse on the perils of weak passwords, organisations continue to underestimate the risks associated with relying solely on passwords to safeguard valuable information – with login and access passwords serving as the Achilles heel exploited by hackers to breach corporate networks.
Passwordless solutions have emerged as a promising alternative, incorporating technologies such as biometrics, authenticator apps and tokens. However, it remains crucial for organisations to recognise that these alone do not ensure security. Malicious actors often also exploit weaknesses in business systems lacking least privileged access controls – especially in today’s dynamic threat landscape, where compromised identities often serve as the primary trigger for the majority of data breaches.
A little personal anecdote: I currently have over 1500 entries in my password file. Some 6 years ago, an oversight with an old password and 2FA recovery token during a tumultuous time resulted in unauthorised access to one of my accounts. While ultimately it was not devastating, it certainly was an inconvenience with long-lasting consequences that continue to this day.
For businesses, the consequences are costly, making them susceptible to a barrage of attacks once cyberattackers get one foot in the door. In fact, IDC’s recent report found that a staggering 59% of enterprises in APJ have fallen victim to ransomware attacks, with 32% ultimately paying the ransom. Furthermore, the advent of AI has exacerbated the risk for businesses, empowering even novice cybercriminals with accessible means to launch even more complex and sophisticated threats.
Instead of viewing passwordless authentication as a standalone solution, organisations should seamlessly integrate it with a robust identity security framework. Given that organisations are set to manage up to 10% more identities over the next 3 years, it is critical for organisations to have the capability to manage access levels across all identities within the entire IT ecosystem. A unified, integrated identity security approach gives organisations full visibility into their identity landscape, enabling them to swiftly detect and prevent unauthorised attempts to access privileged information or systems, and detect any irregular activities early as a reliable fail-safe.
It is not just corporations that are at risk or need to take on the risks and responsibilities. We all hold multiple accounts in this day and age, and some people have opted for the convenience (and danger) of single sign-on, such as with a Google or Facebook account. Each of us has a responsibility to protect our own accounts.