According to recent DBIR statistics, 80% of hacking-related breaches are caused by compromised, weak, and reused passwords. Passwords are the entry gates to voluminous data especially from the accounts that have privileged access. So how are companies going to fight the pandemic of data breach perpetrated by hackers? Let’s have a look at IT veteran’s take on the weak credentials leading to data breaches and their advice on how to create a strong password.
Vikas Bhonsle, CEO at Crayon Software Experts India
“It is a nightmare, when suddenly one day you wake up and discover you have been hacked. Even worse when it is an Organisation. Your IT team finally realises that data has been trickling out of your organisation and the next thing is what data and how long the data has been stolen. Therefore it is extremely important to set up strong password policies. We often tend to underestimate the breach that can happen on personal devices and data. This leads to negligence in the choices of passwords and also in maintaining password secrecy.
Passwords, and particularly passwords with privileged access, are a target for hackers since they’re able to get some information from just one singular password. Not only is this an easy way for hackers to get into one account, but if your IT admin does not use unique passwords across different platforms, then there is a whole wealth of information that is available to access. So, what can we do to combat again is having strong password policies, changing our passwords frequently, having unique passwords, and not sharing our passwords with anyone.
Passwords lead to 99% of the total data breaches and hence are no longer the primary method of authentication. Hence, it is important that individuals employ a Multifactor Authentication approach for all their devices. Some software uses biometrics to authenticate users by using their computer’s webcam or fingerprint reader. Since passwords are easily forgotten and stolen, organizations need to adopt better processes and tools to empower their people to stay safe while being productive. Hardware devices also need to be protected. A quality internet security software is very important that includes proactive defence against new threats, rather than just basic antivirus protection. Organisations must educate the employees about phishing mails, and attachments in unsolicited messages.
It is being discussed in the industry that the coming times may become password less. We are moving towards that, but before we reach, it is important that we adhere to certain hygiene practices.”
Prashanth G J, CEO at TechnoBind
“Password management or the lack of it I believe is coming up as the single largest source of a data breach in organizations. While weak passwords or sharing of passwords have been a problem for years, what is now emerging is the problem of privileged users and access. Privileged user accounts provide enhanced access rights to critical systems and sensitive data and what makes it worse is that they are pervasive throughout the organization and can include applications, systems, or individual user accounts. These accounts tend to be the ones that the hackers are looking to target simply because of the kind of foothold it can give the hacker into the corporate networks which he will exploit to move stealthily anywhere in the network thereby resulting in a completely breached environment. In-fact one the Forrester Research estimates that close to 80% of security breaches involve the theft of privileges.
The recourse to this should be a mix of systems and processes on one side and robust tools on the other side. While educating the users on how to manage their passwords is very critical organizations should look at adopting tools that will make the password management idiot-proof and take out the human angle as much as possible. We at TechnoBind have helped quite a few customers with these privilege management solutions, even before this COVID crisis which has necessitated this remote working need – helping customers look at going beyond password!.”
Shibu Paul, Vice President – International Sales at Array Networks
“In 2017, 63% of the hacking-related breaches occurred as a result of weak passwords that could be easily stolen. Three years on, the number of data breaches stands at 80%. Weak and reused credentials are at the centre of such breaches. To keep attackers away, enterprises would have to strengthen their defences to knockdown the malware that could secure privileged credentials. Companies will have to implement two-factor or multi-factor authentication and compulsorily reset passwords to keep such breaches at bay.
What many fail to realize is that it’s not just random passwords that hackers are interested in. Their primary targets are passwords that open doors to privileged access. The overall security of an enterprise reflects on how the network credentials are managed. Comprehensive authentication and access control should always be an enterprise’s number one priority. Array Access Gateway(AG) Series address challenges faced by enterprise, service provider and public sector organizations in providing secure remote and mobile access to applications and cloud services. The AG Series adds an additional layer of defence against unauthorized access and misuse of data and applications through interoperability with 3rd party dual and multi-factor authentication solutions. Yet, all enterprises must take it upon themselves to ensure that their employees, irrespective of ranks have secure and strong credentials to prevent and mitigate data breaches.”
Gurpreet Singh, Managing Director at Arrow PC Network Pvt Ltd (Titanium Partner – Dell Technologies)
“Passwords have become the passé. Why enterprises struggle with password security is mainly dependent on three factors. Firstly, employees want to reuse their existing or old passwords. Secondly, if authentication mechanisms are overly burdensome employees resort to risky or poor password practices. Finally, reusing the same password for different accounts makes it easier for hackers to gain access to multiple accounts in one go. To prevent this, on needs data with industry-leading endpoint security solutions that include comprehensive encryption, strong authentication, and leading-edge malware prevention. Dell offers Dell Data Protection Security Tools which enables multifactor, single sign-on, and pre-boot authentication solutions along with centralized, integrated management with required encryption policies to keep the credentials safe. To eliminate any chance of passwords being hacked it is always better to diligently observe the ‘password best practices’ like coming up with strong passwords that are hard to hack. Creating strong, unique passwords and not sharing them as well as using a password manager can help to keep data breaches at bay. Multifactor authentication helps to minimize the impact of stolen credentials. Though education and training are important in raising employee awareness, putting effective tools in place – like a password manager and multi-factor authentication – ensure that best practices are default and embedded into the company’s security culture.”