Most Organizations Stick to Legacy Password Security Practices Despite Experiencing Cyberattacks

A young internet geek working online, hacking login passwords of social media users concept with glowing drawn keys on the wallIn a surprising twist, new data sheds light on the lack of proper security around passwords and authentication by IT at a time when cyberattacks are all but an absolute given.

Passwords sit firmly at the center of nearly every security model and cyberattack. Whether being used to grant appropriate access for an employee or lateral movement for the cybercriminal, authentication via passwords is a necessary step. So, it’s important for organizations - IT in particular - to use proper password hygiene and best practices to ensure the security of their accounts.

But according to Ponemon’s latest research, the 2020 State of Password and Authentication Security Behaviors Report, IT pros have a bit of password security to work on:

  • Two-thirds of IT organizations use older best practices such as requiring periodic password changes (67%), a recommendation Microsoft has officially killed.
  • Only 50% of IT pros use multi-factor authentication and a little more than a third (36%) require the use of a password manager for elevated credentials.
  • 20% don’t take any steps to secure passwords

This all comes at a time when organizations are experiencing cyberattacks like never before, including a 41% increase in ransomware attacks, data breaches starting with a phishing attack, and business email compromise responsible for a total of $26 billion in losses.

Credentials are the lifeblood of nearly every type of cyberattack including ransomware, remote desktop attacks, business email compromise, island hopping, data breaches, and insider threats. Organizations need to shore up their policies to ensure passwords are secure by utilizing proper length and complexity, the use of multi-factor authentication, and utilizing other authentication methods (such as biometrics).

Users need to be educated on not just what the organization’s password policy is, but why. Security Awareness Training helps to educate users on their role as part of the organization’s security – from good password hygiene to vigilance when interacting with email and the web, users can elevate an organization’s security posture. All it takes is a little ongoing training.

Are your user’s passwords…P@ssw0rd?

Employees are the weakest link in network security, using weak passwords and falling for phishing and social engineering attacks. KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

wpt02Here's how it works:

  • Reports on the accounts that are affected
  • Tests against 10 types of weak password related threats
  • Does not show/report on the actual passwords of accounts
  • Just download the install and run it
  • Results in a few minutes!

Check Your Passwords

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews