On the occasion of World Password Day, Duane Nicol, Cybersecurity Expert at Mimecast, had a one-on-one conversation with TECHx Editor Rabab Zehra. Duane discussed password-free innovations, threats associated with an organization’s IT security, and how password security can be preserved.
TECHx: Do you think traditional passwords would become extinct in the face of new password-free advances?
Duane: The short answer is no. The ever-evolving threat landscape highlights the importance of layered security. In the face of increasingly sophisticated threat actors, having additional security controls in place has simply helped to make individuals and organisations more secure; they haven’t replaced passwords. Passwords are just one step in keeping data, applications and entire organisations secure.
TECHx: With billions of stolen passwords on the Dark Web, we need to be mindful of the risks. How can you figure out what’s behind these dangers? What mistakes do organizations make when it comes to IT security?
Duane: Cybercriminals are capitalizing on poor password hygiene and a lack of cybersecurity awareness from end users to bypass an organisation’s defences – with potentially ruinous consequences. Our recently released State of Email Security 2021 report found increases in all attack types over the past year, as the pandemic and switch to remote and hybrid work created new vulnerabilities that cybercriminals are working hard to exploit. In response, organisations should build greater cyber resilience by implementing updated security controls and prioritising regular cybersecurity awareness training to protect employees – and the business – from attack.
The research shows that 75% of respondents in the UAE believe that their employees’ poor password hygiene is putting their company at risk. In addition, 50% of UAE respondents expect security-naïve employees to be their biggest email security challenge in 2021, compared to a global average of 43%. Yet only one in five respondents indicated they have ongoing (more than once per month) security awareness training in place. Studies have also suggested that human error plays a role in up to 90% of all successful breaches.
Our research has found that users that are exposed to regular cybersecurity awareness training were more than five times less likely to click on dangerous links originating from phishing emails.
TECHx: World Password Day is the ideal time to revamp your passwords. What advice do you have for businesses and individuals who want to keep their passwords secure?
Duane: Good password hygiene and high levels of awareness of different cyberattack types are proven methods for reducing the risk of an attack and protecting organisations and their employees. Effective training should be engaging, interesting and frequent and, amongst other things, encourage users to regularly update their passwords and teach them how to identify phishing emails that could be tricking them into handing over sensitive information. Users should always use passphrases as these are far harder to crack, make use of IT-approved password managers and ensure they aren’t using the same password across multiple platforms. Having unique passwords across personal and company platforms will ensure that if a person’s social media profile is phished, for example, they aren’t at risk of having a corporate account compromised. Effective cybersecurity awareness training should therefore be the bedrock of any modern organisation’s cybersecurity efforts.