“With remote and hybrid work gaining momentum and the rapid development of new technologies such as AI/ML, IoT and blockchain, etc., the complexity and sophistication of cyber-threats has grown multifold. In the wake of the global pandemic, the internet has enabled multiple and seamless ways of connecting people and powering sectors like digital healthcare, education, and commerce. The pandemic generated new ways for cyber attackers to target an individual’s and organizations’ vulnerabilities with data-harvesting malware, ransomware, online scams, and phishing. The Indian Computer Emergency Response Team (CERT-In) reported more than 2.12 Lakhs cybersecurity incidents this year (till February 2022).
This has called for an urgency within organizations to foster a secure culture to prioritize cyber hygiene among its workforce. In order to identify and mitigate cyber vulnerabilities efficiently and effectively, organizations need to develop a defined vulnerability program. It’s high time for organizations to follow best practices to protect their assets by leveraging secure access to their infrastructure and applications through Multi-Factor Authentication (MFA), User behavior analytics, secure remote access, etc. Organizations should implement ongoing training mechanisms for the users to be able to identify and report any suspicious email/file or URLs before it causes any significant impact. Constantly improve their vulnerability management program to reduce their remediation timelines and continue to focus on augmenting their incident detection and response procedures.” – Satya Machiraju, VP, Information Security, Whatfix
“We are in a hybrid world today where many people are sharing devices and blending home and work life more than ever before. Passwords are not secure anymore and users end up exhausting the same password across multiple platforms. While educating users about password security is of utmost criticality, it also becomes imperative to have visibility that highlights if any password has been compromised such as credential theft in an organization and the vulnerabilities it brings along.
To ensure that strong passwords are a part of your cyber hygiene, users should impersonalize their passwords by removing personal information, avoiding the same passwords across platforms as this creates avenues for hackers to guess and potentially attack them, and finally, using a password manager to manage multiple passwords across platforms. As we continue to accelerate the use of technology, the value of data and the risks associated with data exposure only increase. At Trend Micro, we strongly believe that security is not an afterthought. With our premier solutions like Vision One, we aim to give risk dashboards to enterprises so that timely action can be taken to mitigate the risks introduced.” – Sharda Tickoo, Technical Director, of Trend Micro
“The problem of identity-centric compromises (password/credential thefts) is well documented. CrowdStrike’s Global Security Attitude Survey 2021 identifies this vector as one of the prominent security concerns for respondents from India with 49% saying they are worried about identity and credential theft.
Therefore, it is important for organisations to ensure adequate security controls exist to protect their identities; this can be obtained by adopting a zero-trust approach, by deploying and operating identity threat protection capabilities and by enlisting an expert and utilising a modern managed detection and response capability that can detect and respond to identity based threats. Cyber security awareness, training and education also play a critical factor and should be part of an organisation’s overall security program. On this World Password Day, it is important to create awareness around the importance of the identities and the need for good password security.
Today, we live so much of our lives online. We have become accustomed to sharing our personal information, often without considering the potential ramifications.
Individuals also should be concerned about password and credential thefts, as much of our lives are lived online. Below are some practical steps that individuals can take to improve the cyber security resilience of their identities:
- Always change default passwords and enforce strict password rules; weak passwords are a common culprit that let cyber criminals compromise credentials and use such credentials to further perform malicious activities. When it comes to passwords, consider using a unique, long and complex password. Protect your identity and never use the same password in two locations.
- Avoid clicking on malicious links or URLs that you are unfamiliar with; avoid entering your credentials into untrusted websites.
- Keep up to date on the latest scams and learn how to spot an attack.”
-Fabio Fratucello, Chief Technology Officer, Asia Pacific and Japan, CrowdStrike
“Netflix’s recent move to crack down on password sharing has a silver lining for consumers. Keeping the use of a single account and password to a single user means fewer opportunities for identity theft, fraud or other potential damages to the primary user. It’s been a challenge since the advent of computers, and shared passwords are nothing new, even in the corporate environment. But as our online presence is increasingly tied to our financial services, shopping and delivery services and our reputations, it’s becoming more important that we all take the credentials we use seriously and protect them as much as we can.
“Sharing passwords means there are many people who can access account information about users: account information that could be used to gain access to other systems like email or online banking. And since most people tend to use the same password over and over again at multiple sites, this creates a very dangerous proposition with each additional person who knows the account name and password. Even if there is a level of total trust between the users involved, it does increase the attack surface for a cybercriminal to compromise any of the systems or devices of any of the users sharing the password, and ultimately gain control of the account.
“While slightly less convenient, refraining from sharing passwords is a better step toward protecting our online identities and everything that’s associated with it. Consumers will be impacted by the monthly subscription cost, but, at least they’ll be taking a step toward preventing far greater impact from identity theft and fraud.” – Nathan Wenzler, chief security strategist, Tenable
“World Password Day is a great opportunity to remind everyone about the importance of protecting data within organisations as well as your own personal data.. Cybercriminals today are more sophisticated at obtaining usernames and passwords making it easier for them to conduct a data breach. Today is a great opportunity to remind ourselves of a few simple steps to improve our data security.
A first step is to bolster their approach to authentication. Simply having a username and password is no longer enough. We need to move beyond this to adopt more secure processes, such as two-factor authentication or multi-factor authentication.
The second step is the adoption of Zero Trust across the enterprise network. This means that no trust is given automatically to users – instead it is earned through logging in patterns and behaviours, which facilitates tighter security. Also, employees are only given access to data, apps and systems that are related to their daily jobs meaning that if passwords are compromised, the subsequent damage is limited.
While following these important steps to stay data-aware is always beneficial, World Password Day is a great reminder for us all.” – Gee Rittenhouse, CEO of Skyhigh Security
“While the pandemic accelerated digital transformation in the past two years, cybercriminals increasingly capitalised on the new hybrid work environment to hack businesses and access their sensitive data and assets by compromising the identities of employees. This has shone an even greater light on the need for having a reliable password strategy. Just as a master key can open all doors within a building, some of our online identities can also be abused by threat actors to access our private data, as well as the assets of organisations we work with. On World Password Day 2022, organisations must take a pledge to educate employees, vendors, and other stakeholders to maintain appropriate password hygiene, avoid password reuse, implement multi-factor authentication wherever possible, and monitor for suspicious activity on their systems and networks. To avoid identity theft, having situational awareness regarding common attack vectors and emerging threats becomes crucial for all individuals and organisations. The security strategy of an organisation must not only include the best practices for setting and managing passwords and regular password changes, but also the response plan for when password leaks occur, in order to prevent threat actors from gaining privileged access to their internal systems and networks.” – Akshat Jain, CTO & Co-founder, Cyware.
As enterprises continue with hybrid work models, the resulting digital transformation will put Cloud adoption at the forefront. This equates to greater emphasis on data and asset confidentiality in multiple spaces. Strong identity management will be essential to prevent breaches. Without robust Identity & Access Management (IAM) policies in place, even the most advanced tools in the security stack will not be enough to comprehensively secure the enterprise.
The latest Cloud Threat Report by Palo Alto Networks’ threat intelligence team Unit 42 analysed 680,000+ identities across 18,000 cloud accounts from over 200 different organizations and discovered that:
- Nearly all cloud identities (99%) are overly permissive, and many grant permissions that are never used.
- 53% of cloud accounts allow weak password usage (<12 characters) – 44% allow password reuse.
- 62% of organisations have publicly exposed cloud resources.
These findings indicate that when it comes to IAM in the Cloud, organisations struggle to put good governance in place, opening the door for malicious actors to have wider access to cloud environments. This has given rise to Cloud Threat Actors, i.e., individuals or groups that threaten organisations through directed and sustained access to their cloud platform resources, services, or embedded metadata.
Therefore, on World Password Day 2022, pushing for strong password policies on the enterprise and individual levels is the need of the hour. Such policies must include:
- Complexity – using more than 12 characters along with a mixture of symbols, numbers, and alphabets.
- Expiry and repetition limits – passwords expire after a set amount of time and cannot be repeated.
- Brute-force prevention – users are locked out after a number of failed attempts.
As the lines between home and corporate networks blur, these policies will be of particular importance to end users as they lack 24×7 access to enterprise-grade security. So, understanding the need for strong cyber readiness, undertaking the necessary practices to ensure the same, and adapting these practices for an ever-evolving threat landscape will be crucial. Additionally, going beyond password policy and embracing methods like multi-factor authentication and biometric identification could help in providing a much-needed extra layer of security. – Huzefa Motiwala, Director – Systems Engineering for India & SAARC, Palo Alto Networks
In today’s fast-evolving and mutating digital age, securing your information and protecting your privacy is extremely important. With our AI-backed analysis, we have realized that the key to any smooth-functioning digital process is its security. As a rule, password protection needs to be robust – more so today, due to the transition to a blended model of working, where many people blend their personal and professional working methods, as well as devices. Similar or shared passwords might become a liability to the individual and to their company, making both parties prone to attacks. This World Password Day, we urge everyone to secure their accounts, information, and privacy by strengthening their passwords and also to use 2-factor authentication wherever possible. Small steps like this will go a long way in securing entire ecosystems of data and privacy.’ – Mr. Mahesh Kulkarni, MD & Co-Founder, AFour Technologies