Since the start of the COVID-19 pandemic, our lives have been turned upside down and much has been put on hold. However, the same cannot be said for the cyber-landscape. In fact, the opposite is true as COVID-19 has actually served to increase security vulnerabilities.
Remote working is now the norm, which has expanded the threat landscape, and bad actors are working overtime to take advantage of the situation. As a result, 2020 has seen an explosion in the growth of malware, spam, phishing and credential stuffing attacks. According to INTERPOL, there has been a 36% increase in malware and ransomware, a 59% increase in phishing, scams, and fraud, and a 14% increase in fake news. This, coupled with the rush to adopt new cloud systems and remote access solutions, has driven up the number of breaches in 2020.
Many organizations think that in order to mitigate the risks they must invest in innovative new solutions, but it’s also vital that companies review security fundamentals like the password. The latest Verizon Data Breach Investigations Report found that a staggering 81% of hacking-related breaches result from compromised passwords. With lax password security the dominant fault line, securing the password layer needs to be a critical enterprise priority. As distributed workers create new accounts and credentials, companies need to deploy a layered approach to authentication to ensure that only strong, unique and uncompromised passwords are in use.
By adopting the five steps outlined below, enterprises can control access and strengthen the authentication layers, reducing the risk of a successful attack.
- Make multi-factor authentication mandatory: To reduce the threat from the increase in cyber-scams such as phishing and ransomware, IT teams must install additional multi-factor authentication for logins. This will help ward off COVID-19-related threats and suspicious activities.
- Educate employees: Security is everyone’s responsibility, and training helps make everyone more alert. As cyber-criminals tap into fears around the virus, it’s important to remind employees how to detect potential scams, lures and phishing attacks. Highlighting how hackers exploit the pandemic for their own gain can help ensure that employees pause to think rather than click on every link.
- Real-time threat intelligence: Companies need an automated tool that continuously detects compromised passwords, ensuring that they have immediate protection should credentials appear on the internet or Dark Web.
- Focus on password exposure, not expiration: Organizations need to retire the dated policy of enforced password resets and only change them if they are exposed. This reduces the burden on the IT team and, in turn, helps users choose stronger passwords as they do not need to keep changing them.
- Automated assurance: By screening passwords on a daily basis, in addition to at creation, organizations have continuous password protection without adding to the IT team’s workload. Should an existing password become vulnerable, the remediation steps are automated, ensuring that action is taken immediately without relying on human intervention.
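The last three steps fit together as one workflow, sketched here as an added example that is not from the article or from any vendor's product: screen at creation, re-screen daily against newly exposed passwords, and force a reset only on exposure. The `Directory` class, the account names and the sample feed are all hypothetical and constructed; a real exposure feed would normally ship hashes, not plaintext.

```python
import hashlib, hmac, os

ITERATIONS = 10_000  # kept low so the demo runs quickly; assumption, not a recommendation

def derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash, the only form in which passwords are stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class Directory:
    """Hypothetical account store that screens passwords for exposure."""
    def __init__(self, exposed):
        self.exposed = set(exposed)   # known-compromised passwords (constructed feed)
        self.accounts = {}            # user -> (salt, stored hash)
        self.must_reset = set()       # users forced to change password at next login

    def set_password(self, user, password):
        # Screening at creation: refuse anything already in the exposure feed.
        if password in self.exposed:
            return False
        salt = os.urandom(16)
        self.accounts[user] = (salt, derive(password, salt))
        self.must_reset.discard(user)
        return True

    def daily_rescan(self, newly_exposed):
        # Screening after creation: only the feed delta is tested, and each
        # candidate is re-derived with the user's own salt before comparing.
        flagged = set()
        for candidate in newly_exposed:
            for user, (salt, stored) in self.accounts.items():
                if hmac.compare_digest(derive(candidate, salt), stored):
                    flagged.add(user)
        self.exposed.update(newly_exposed)
        self.must_reset |= flagged    # automated remediation, no age-based expiry
        return flagged

def demo():
    d = Directory(exposed=["Summer2020!", "password1"])      # constructed sample feed
    created = [d.set_password("alice", "Summer2020!"),       # rejected: already exposed
               d.set_password("alice", "quiet-otter-velvet-92"),
               d.set_password("bob", "copper-lantern-drift-17")]
    flagged = d.daily_rescan(["copper-lantern-drift-17", "letmein"])  # constructed delta
    return d, created, flagged

if __name__ == "__main__":
    d, created, flagged = demo()
    print(created, sorted(flagged), sorted(d.must_reset))
```

Alice's password is never flagged however old it gets, while Bob's is flagged the day it appears in the feed.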
As cyber-criminals continue to exploit new vulnerabilities and look for ways to circumvent security measures, IT teams need to adapt and become more agile to help keep these nefarious actors at bay. Rather than rushing to integrate the latest innovative security tools, enterprises need to shore up their cybersecurity strategies and not overlook securing the password layer. A dynamic threat intelligence solution like Enzoic can put password security woes in the rearview mirror, allowing organizations to stay a step ahead of cyber-criminals.