INTELLIGENT ENTERPRISE SECURITY
Passwords still weakest link in security environment
Single sign-on and multi-factor authentication are ways to get around weak user
passwords, according to Kamel Heus at Centrify.
Hackers got hold of over one
billion identities last year,
as data breach incidents just
kept on escalating. If ever a statistic
highlighted the failure of current
approaches to protect corporate systems,
it is this one. In fact, two-thirds of
organisations have experienced an
average of five breaches over the past two
years, according to Forrester. The tens of
billions of pounds CIOs invest in security
every year just are not getting to the
heart of the problem: passwords.
Nearly two-thirds (63%) of data
breaches involve weak, default or
stolen passwords, according to Verizon.
To stand any chance of success,
organisations desperately need to
rethink their approach to security. And
this must start with a new focus on
increasing the maturity of their Identity
and Access Management programmes.
Why are passwords the Achilles heel of
modern IT systems?
Because they can be easily
compromised via phishing attacks and/or
info-stealing malware, allowing
attackers to walk right through the
virtual front door to the organisation.
Privileged account credentials, such as
those belonging to IT administrators,
are particularly highly prized as they can
offer unfettered access to stores of highly
sensitive IP and customer data. In fact,
Forrester estimates that 80% of breaches
involve these log-ins.
Think IT staff manage their passwords
more securely than regular users?
Think again. Frequently they are guilty
of the same bad habits: simple, easy to
guess or crack credentials, extensive
password reuse and even log-ins written
down on post-it notes. And even if your
staff are strictly vetted and managed, can
you say the same for your contractors
– often targeted by hackers as one of
the weakest links in cybersecurity? By
maintaining this outdated approach to
identity and access management, we are
making the hackers’ job way too easy.
Today’s CIOs and CISOs are also
responsible for increasingly complex and
siloed IT environments – multiplying the
volume of passwords and identities that
Issue 05
INTELLIGENT TECH CHANNELS