Hackers are increasingly capitalizing on our volatile world—there was an increase in coronavirus-related phishing attacks in the pandemic’s early days as well as threats associated with the uptick in telecommuting and remote learning. Russia’s invasion of Ukraine is the latest example, with Russian-sponsored groups targeting the U.S. and its allies in retaliation for sanctions. Combatting these threats is a top priority for any organization but it’s critical that the heightened threat landscape not detract attention from security basics.
Cybersecurity in 2022 = The Wild West
Before delving into security best practices let’s review some macro cybersecurity trends. As mentioned, the pandemic ushered in numerous threats many of which continue to challenge enterprises today.
Hacking has also become weaponized with CISA warning against the threat from Russian state-sponsored cyber actors. Most recently, a Russian group claimed credit for a ransomware attack against the Costa Rican government, which forced the country to declare a state of emergency. While the situation is evolving, it underscores the link between political agendas and cybersecurity concerns.
Ransomware Shows No Sign of Abating
That’s not to suggest that it’s solely state-sponsored groups carrying out ransomware campaigns. Financially-motivated hackers are targeting enterprises—and utilizing increasingly sophisticated tactics to do so. Recently, there has been a shift from encrypting or stealing files to leaking (or threatening to leak) stolen information unless the ransom is paid. Some signs suggest that hackers are making more risk/reward calculations before targeting companies but, given the payout associated with a successful campaign, ransomware remains a real threat for every organization.
Digital Supply Chain Headaches Intensifying
Companies are also grappling with supply chain attacks originating through open source software using a variety of mass-market applications and operating systems. It only took 9 minutes after the Log4J vulnerability was first documented in December 2021 for the first exploit attempt to occur. That figure rose to 830,000 in the first three days until a patch was released. While the Log4J vulnerability garnered significant media attention, it is by no means an isolated incident. With open source code comprising 35% of commercial software applications and up to 75% of internally developed software, it’s no exaggeration to say that the threat surface of the digital supply chain is vast.
Organizations Strengthening Their Defenses with Emerging Technologies
Companies are turning to emerging technologies to combat today’s cyberthreats. Fueled by this demand, the AI cybersecurity market is expected to reach $66.2 billion by 2029. Emerging technologies have their place, but if enterprises haven’t addressed critical foundational security elements they will still find themselves falling victim to attack.
Security Starts at the Password Level
Credentials are among the most sought-after hacker targets, yet companies too often fail to provide them with adequate protection. Despite increased education on the risks, employees continue to share and reuse passwords with Google uncovering that at least 65% of people employ the same password across some, if not all, sites. It takes just one of these sites being breached for the password to be available to hackers on the Dark Web.
Historically, restrictive password policies have contributed to the issue. For example, mandating the inclusion of special characters or forcing employees to periodically reset their passwords. Research has documented that these and other legacy approaches actually result in weaker passwords. As a result, NIST now recommends that companies abandon these restrictive policies in favor of a modern approach to credential security.
The Credential Screening Imperative
Among NIST’s current recommendations is that companies focus on password exposure rather than expiration. After all, if an employee has had the same password for a year but it remains uncompromised, why force a change?
Companies should adopt a dynamic credential screening solution that ensures password integrity by checking passwords against known exposed blacklists as well as proprietary threat intelligence. Given the pace at which new breach data is exposed, it’s also important that this screening occurs on an ongoing basis. Should a compromise be detected, companies can automate their response to ensure that sensitive data remains protected until the employee can safely be granted access to the account.
Security researchers emphasize the importance of a layered approach in preventing the myriad of threats facing organizations today. Given the enduring popularity of credentials as an attack vector, it’s critical for one of these layers to focus on the password level. Otherwise, investing in the latest AI technology will be for naught if hackers can gain access by exploiting poor credential security.