Many people worry that cybersecurity involves a dark and dangerous domain full of unpredictable terrors and threats over which they have little control. The fact is that the greatest risks in the digital space result from the same causes as security vulnerabilities in the real world -- poor habits. How many people do you know who leave their doors or windows unlocked at night or hide a spare key under a pot plant near the back door? In effect, they are prioritising convenience over security -- a lax practice that many people emulate online by using easy-to-remember passwords or using the same password for multiple accounts.
Given that many online services use your email address as a user name, this ‘convenience’ means the theft of your easy or recycled password from a single insecure service can hand over the key to your online identity. The vulnerability of passwords is a fact, not a claim, as demonstrated by the 2017 Verizon Data Breach Investigations Report (DBIR) which states that 81 percent of hacking-related breaches leveraged either stolen and/or weak passwords.
A successful attack or “hack” can cause a “data breach” -- illicit access to information held within the compromised computer system. Data breaches range from the mundane -- where unauthorized text is published on a hacked website -- to the massive, such as the 2013 Yahoo! security breach in which as many as three billion user accounts were reportedly hacked.
On an individual level, many of us rely on passwords to protect our confidential information online. However, the disturbing truth is that passwords are more of a problem than a solution. As described above, many people prioritize convenience over security by simplifying or reusing passwords. Even a rigorous password is a risk because people write them down when they are too tricky to remember -- which makes them physically vulnerable.
So, What Do You Do If Passwords Provide No Protection?
The answer is cybersecurity, the combination of technologies, processes and practices designed to protect computers, programs, data and networks from attack, damage or unauthorized access.
Effective cybersecurity ensures that identities -- the lynchpin of online access -- are secure by replacing poor habits with easy-to-use systems.
Technologies such as the Centrify Identity Services equip the hybrid enterprise to protect itself against cyberthreats and data breaches from compromised credentials.
Centrify mandates secure processes such as multi-factor authentication (MFA) to require more than the single “factor’ of a password for access to a system. An example is a code sent to a registered mobile device before a system login or a privileged administrative process is permitted.
Through features such as single sign-on (SSO) -- which requires just one credential plus any additional authentication factors -- Centrify ensures that safe practices, such as updating passwords and maintaining up-to-date details, are undertaken as part of a daily practice.
Centrify minimizes an organization’s attack surface and controls privileged access to its systems by mandating identity assurance, just-in-time and just enough privilege, advanced monitoring and reporting. For example, the Centrify Analytics Service maintains security and supports productivity by matching its dynamic security posture to the risk calculated from scoring the behavior of users.
Cybersecurity is far too important to leave to individual employees as any vulnerabilities impact the entire organisation. Ponemon Institute research commissioned by Centrify reveals that data breaches can inflict sustained damage to share prices and substantially increase customer churn.
The bottom line is that cybersecurity is not something that you do, such as entering a password, but a process that’s woven into the fabric of your information systems so that it protects identities, systems and data at every step of the way and every hour of the day.
Want to learn more cybersecurity tips to stay safe? You are in luck -- here are some more tips!
This is written by the individual author in his/her personal capacity, and the opinions, views and/or thoughts expressed herein are solely the author’s own. They are not intended to and may not necessarily reflect the official policy or position, or the opinions or views of ThycoticCentrify or its affiliates, employees, or any other group or individual.