Is it time to ditch passwords altogether?

Cybersecurity is a priority for businesses and national infrastructure alike. The current invasion of Ukraine has many observers pointing to a potential wave of cyber-attacks as Russia seeks to punish the West using non-military means. Indeed, even President Biden was recently moved to issue a statement regarding his nation’s cybersecurity. Biden’s words were prompted by evolving intelligence that the Russian Government is indeed exploring options for cyberattacks against its perceived enemies.

The threat from Russia notwithstanding, never has it been more important for businesses to bolster their defences against cyber-attacks of any description.

In the UK, the Information Commissioner’s Office (ICO) takes a very dim view over companies who are ‘easily’ hacked. In one recent ruling, whilst accepting that the primary culpability rested with the attacker, a judge ruled that the legal firm in question had an exploitable weakness and was ultimately in charge of personal data. Specifically, the ICO noted that this firm had not used multi-factor authentication for remote access to its systems – even though this has been recommended since 2018. Apart from the fine that was issued for this breach, reputational damage must also be considered.

In the face of such multi-factor authentication advice, what part should passwords be playing in your organisation’s cybersecurity strategy?

In many cases, cybercriminals get their hands on passwords by means of some sort of phishing attack. Another approach is to pilfer credentials from an inadequately protected site and try them on another site in the hope that some may have been reused. Not having passwords then (in the traditional sense) would seem to make sense.

For the majority of businesses, managing passwords is a big headache and costly to boot. We have seen that passwords can be easily exploited by criminals so it seems logical you should investigate passwordless authentication. There are a number of advantages to living in a passwordless environment. Your people will enjoy a better user experience (no faffing about with forgotten passwords), easier management for the IT department, bolstered security, and less downtime time for workers – imagine the cost implications where a key fee earner is unable to access resources because of a forgotten password – time is money.

And a key driver to find a potential solution for many firms has been the uptake of mobile/smart devices. With more and more people relying on their mobile devices to get ‘work’ done, especially over the last couple of years due to working from home (WFH) and remote working practices, organisations have had to face fresh technology challenges. Under these conditions, asking your people to enter numerous passwords using a mobile device can be demanding and offer weak spots of entry to hackers.

And, worryingly, last year saw a massive surge in malware attacks against both individuals and organisations according to this report. What some are now referring to as the ‘COVID bounce’, meant that whilst 2020 was relatively quiet on the cyberattack front, 2021 saw year-over-year malware detections jumping by 77% – with business-focused threats rising by 143%. Mobile malware is becoming an increasingly everyday threat to firms of all shapes and sizes. Research indicates that the cybercriminal fraternity are increasingly expanding their tooling to target mobile devices.

Ransomware is a very real threat with attacks on the rise. The term is often used interchangeably with malware although security experts tend to view ransomware as a subset of malware. Those behind ransomware attacks are keen to target organisations that tend to hold/store very sensitive or classified data. Once attackers have gained full control of your organisation’s systems, ransomware will then restrict access to all your sensitive and confidential client information until you pay a ransom. If you have been hit by a ransomware attack you will usually wake up to a locked computer screen or realise that some, or all, of your files have been encrypted. There will usually be a demand from the ‘kidnappers’ of your data for a sum of money in exchange for a ‘key’ that will unlock your system and open your files. It is difficult to estimate how badly businesses are affected by ransomware attacks because many will happily pay a ransom to avoid any negative publicity glare – attackers are fully aware of this. And ransomware can strike via any device. They will happily restrict access to your desktop PCs, to any smartphones used by your people and even tablets.

With people needing to reach key resources from outside of the traditional network perimeters of yesterday, many of today’s smart devices have as much access to your organisation’s information as traditional endpoints. With remote working (even partially) becoming a reality for most now, it is a good time to evaluate your approach to mobile. The reliance on mobile devices continues to grow, usually with people using their own devices (or using personally enabled devices) to get their work done. And because most of these phones are not managed devices, the risk to your business is very real indeed.

So how can you best approach these new working conditions? A step in the right direction would be to consider adopting a ‘zero trust’ approach. Under these conditions, security is all about eliminating implicit trust – trust nobody (until you should). Zero trust empowers you to provide conditional access to sensitive data/information – as a result you only let the right person have access to the right information at the right time – no blanket access for all.

Password hacking is how most security breaches happen. They are certainly a weak point in computer systems and cyber-criminals regard them as soft targets. Weak or stolen credentials highlight the need for your business to rely on more than just passwords to secure your accounts, your inboxes and all your sensitive client information. Don’t give the ICO a reason to come knocking.

Steve Whiter

Steve Whiter is Director of Appurity

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...