Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Most Organizations Stick to Legacy Password Security Practices Despite Experiencing Cyberattacks

Stu Sjouwerman | Feb 21, 2020

A young internet geek working online, hacking login passwords of social media users concept with glowing drawn keys on the wallIn a surprising twist, new data sheds light on the lack of proper security around passwords and authentication by IT at a time when cyberattacks are all but an absolute given.

Passwords sit firmly at the center of nearly every security model and cyberattack. Whether being used to grant appropriate access for an employee or lateral movement for the cybercriminal, authentication via passwords is a necessary step. So, it’s important for organizations - IT in particular - to use proper password hygiene and best practices to ensure the security of their accounts.

But according to Ponemon’s latest research, the 2020 State of Password and Authentication Security Behaviors Report, IT pros have a bit of password security to work on:

  • Two-thirds of IT organizations use older best practices such as requiring periodic password changes (67%), a recommendation Microsoft has officially killed.
  • Only 50% of IT pros use multi-factor authentication and a little more than a third (36%) require the use of a password manager for elevated credentials.
  • 20% don’t take any steps to secure passwords

This all comes at a time when organizations are experiencing cyberattacks like never before, including a 41% increase in ransomware attacks, data breaches starting with a phishing attack, and business email compromise responsible for a total of $26 billion in losses.

Credentials are the lifeblood of nearly every type of cyberattack including ransomware, remote desktop attacks, business email compromise, island hopping, data breaches, and insider threats. Organizations need to shore up their policies to ensure passwords are secure by utilizing proper length and complexity, the use of multi-factor authentication, and utilizing other authentication methods (such as biometrics).

Users need to be educated on not just what the organization’s password policy is, but why. Security Awareness Training helps to educate users on their role as part of the organization’s security – from good password hygiene to vigilance when interacting with email and the web, users can elevate an organization’s security posture. All it takes is a little ongoing training.

Topics: Security Awareness Training Password Security

Are your user’s passwords ... P@ssw0rd?

Identify which users are using easily guessable or brute-forceable credentials before cybercriminals do. 

Get Your Weak Password Test

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

Stu Sjouwerman

ABOUT STU SJOUWERMAN

Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

Read more from Stu »

Subscribe the KnowBe4 Blog

Posts By Topic

View All