Password security exploits are among the easiest for cybercriminals to carry out.
The password security breach. It’s the simplest exploit in the book.
The first thing any cybercriminal does when breaking into a system is try some popular passwords. IT leaders and cybersecurity researchers are routinely amazed to find out just how far hackers can go with nothing but a good guess.
You might think the hacker’s most important tools include highly sophisticated malware services or custom-built hardware, but you’d be wrong. The truth is that if there are three tools hackers rely on more than any others, they are “password”, “123456” and “qwerty”, the three most commonly guessed passwords in the book.
No organization is too large or too small to fall victim to a data breach. Beyond the high-profile, headline-making data breaches like Dropbox or Equifax, countless small businesses and mid-sized organizations have fallen prey to data breaches.
And stats from Verizon’s Data Breach Investigations Report reveal that 81 percent of those data breaches leveraged stolen or weak passwords.
IT leaders need to spend more time and energy considering the strength and resilience of their password policies. Even among organizations with sophisticated security software and password management tools, executives must determine whether employees are following policy and using the tools.
All of these factors contribute to the sharp difference between the number of IT leaders who say they are concerned with password security and the number of those who actually take effective steps towards enforcing good password policy.
Understanding Password Policy Concerns for IT Leaders
The vast majority of data breaches could have been stopped or controlled with better password management. But surprisingly, IT leaders at just over one out of every three small to mid-sized businesses report being extremely concerned about password breaches.
This discrepancy indicates IT leaders may be falling into the trap of feature fixation. They are looking at the wrong things when evaluating security solutions for their organizations.
When IT leaders look for password management solutions for the workplace, they often get fixated on specific features without looking at the big picture. It is user adoption, not sophisticated feature sets, that results in tangible security benefits.
An expertly crafted password policy will not improve cybersecurity unless employees adopt it and follow its guidelines to the letter. Passwords can be hacked in less than a minute, so it’s imperative employees keep this in mind every time they’re required to choose a new password.
The Best Defense Is the One You Use
When organizations place a priority on user adoption, the end-user experience (UX) becomes a top priority when considering new security tools. Tools that help employees improve their efficiency and productivity are worth much more than the ones that slow production down or discourage constant use.
Unfortunately, many password management solutions don’t place a high priority on the UX. An unwieldy, difficult-to-use password manager may offer best-in-class security features when in use but will unintentionally discourage employees from using it.
IT leaders need to place a far greater priority on the UX to enjoy the practical benefits of improved cybersecurity. Those who neglect this all-important aspect give themselves a new weak link in the security chain.
The Time to Upgrade Your Password Security Solution Is Now
Creating a good password is hard. The better the password, the harder it is to remember.
Good password management does more than protect sensitive data; it also reduces help desk costs by limiting the number of times employees have to call their support teams for a password reset.
Today’s IT professionals have to remember more passwords than ever before, and the number of passwords they routinely use is growing. IT leaders who neglect these facts are setting themselves up for a rude awakening.
The average cost of a data breach in the United States in 2019 is $3.92 million. This figure doesn’t include the devastating effect of security failure on consumer brand perception. It can take years of hard, humbling work to bring a brand back into the spotlight after mishandling user data, and this is the bright side. The more common result, increasingly so as data privacy and the related regulatory landscape become more sensitive, top-of-mind topics than ever, is complete loss of consumer confidence without a road back. That is what is on the line.
IT leaders should focus their attention on password security breaches, and the factors that contribute to them, far more than they currently do. Employees with access to high-performance security tools that are easy to use will adhere more completely to cybersecurity best practices than those lacking them.