With upwards of 30 billion devices connected online today and ransomware attacks set to occur every two seconds by 2031, data has never been at greater risk of exploitation. Passwords are the first line of defence for accessing data. However, many passwords are currently inadequate and are increasingly exposed to modern cyberattack techniques.
According to the Cyber Security Agency of Singapore (CSA), using “password” as a password takes under a second to hack, but it remains one of Singapore’s 100 most popular passwords. CSA also noted that there is a prevalence of the same passwords being used across multiple accounts. These findings are alarming given that cyberattacks are now firmly a matter of ‘when’ not ‘if’ and malicious actors can access the processing technology they need for as little as US$1,500.
World Password Day is a timely reminder that passwords are a constant not fixed state, which must be strengthened with additional capabilities and best practices to ensure access to precious data is not provided to malicious actors. The following capabilities are vital for organisations looking to strengthen their data security and data access:
- Multi-factor Authentication (MFA) strengthens platform security by requiring users to verify their identity using more than just a username and password. MFA ensures that users authenticate login requests and their passwords by using a unique response that only they can provide like a mobile phone challenge or TOTP.
- Role-based Access Control (RBAC) assigns specific privileges based on user roles, reducing data breach and insider threat risks. This minimises risk and prevents employees from overreaching into areas beyond their responsibilities and minimises risk in the event a password is compromised.
- Quorum is an authorisation method that requires approval from at least two individuals, preventing single-user or compromised credential exploitation. This capability means no single compromised account can make unilateral changes or impact business critical operations.
If malicious actors successfully take over an employee’s account through a compromised password, AI-powered anomaly detection is vital for alerting IT teams to unplanned or abnormal changes in data size or format, as this is often indicative of malicious activity. By detecting anomalies early, organisations can respond by either mitigating potential threats before they escalate or recovering quickly if an attack is already underway.
Sathish Murthy is the systems engineering lead for Asean and India at Cohesity
