On the occasion of World Password Day, TECHx Editor Rabab Zehra obtained an exclusive interview with Jawad Toukna, Director Regional Sales Middle East & North Africa, Forcepoint, to explore password-free technologies, threats to an organization’s IT protection, and how password security can be maintained.
Jawad: Passwords have traditionally been the key that unlocks a single digital user or entity. However, we can no longer rely on passwords alone to identify genuine users and protect our critical data. If a password is stolen or compromised, we will be opening the digital doors wide to unauthorized users – if we relied on passwords alone.
This is where additional cybersecurity technologies must be layered in. Security teams should consider multi-factor authentication and identity access management tools. Underpinning this should be a strong data protection programme with data loss prevention technologies, so that even if an authorized user attempts to exfiltrate data (and insider threat is still a problem!) data can be protected.
On top of this, security professionals should consider behavioural analysis and a user activity monitoring solution. These products will deliver meaningful visibility into user interactions with critical data, helping to implement a Zero Trust model and continuously validate the user – meaning that even if someone logs in with an authorized password, it’s their behaviour once inside the system which is used to judge whether they can retain access to online assets.
Passwords will remain as the front line of identity authentication, but they must be supplemented with additional measures to prevent unauthorized entry to networks and subsequent data loss.
Jawad: Criminals will use stolen identities for many uses, usually driven by potential financial gain. Data breaches and large-scale thefts of user names and passwords are concerning, particularly when you look at the impact of IP theft on data loss which may result from this.
Organizations tend to believe that multiple, layered security products will solve the problem – essentially, they keep building bigger and bigger walls. But, in this era of the ‘unbound enterprise’ (where people can and do work from anywhere and any device), organizations need to evolve from this obsolete ‘perimeter protection’ strategy.
The future is in adopting a data-centric SASE (secure access service edge) strategy that protects employees and data, irrespective of where they work or store their data.
Enabling data to be used safely is ultimately what cybersecurity is all about. With people working anywhere, you can no longer rely upon old approaches, such as trusting that their device is attached to your ‘corporate’ network to have free rein with sensitive data. You have to control how that data is used—continuously requiring explicit permission every time somebody tries to access or move that data.
Jawad: On top of robust cybersecurity technologies, of course, World Password Day serves as a great reminder of the importance of observing good password protection practices.
Phishing is a common method for hackers to steal passwords. Increased training will help employees strengthen their resilience to cyberattacks. If they better understand the risks and know what systems and processes to follow, organizations will be better protected.
Strong corporate policies around password hygiene should be a given, whether this involves regular changes of password, multi-factor authentication or other UAM (user access management) tools. Best password practice recommends a random string of characters, numbers and symbols—just make sure you have a way of remembering them!