Can’t Remember Your Password? Just Ask a Hacker

In 2020, the world went online in a lot of new and unexpected ways. From ordering groceries and takeout, to ordering normal household supplies (like that elusive toilet paper), to running court hearings (remember the attorney with the cat filter?), and of course, to how we work and how we operate our businesses. Working remotely is one of the changes that affected a greater percentage of Americans than other changes in our “new normal.” In fact, 62% of Americans found themselves working from home last year and it appears that this change is going to last far into our future. The vast majority of employees and their employers are seeing the benefits of working from home and they don’t want to go back to the old ways of doing things. However, with every new change comes new challenges, and one of the most affecting challenges of remote work is that of cyber security.

Since employees began working remotely, cyber attacks have skyrocketed. The FBI reports that cybercrime increased by 300% in early 2020, and attacks targeting remote workers grew 5x within the first 6 weeks of quarantine. This also meant that 20% of organizations reported having a data breach which could be linked back to a remote employee. Every form of cyber attack saw a huge increase, including phishing (up by 600%), ransomware (148%), malware activity (128%), botnet traffic (29%), and attacks on IOT devices (13%).

Cyber criminals are taking advantage of the new weak links that come from remote work. These weak links include employees using personal devices that are no longer under the umbrella of securities set in place by their IT departments. Zoom bombing has also been a huge issue as video conferencing and collaborative tools are easily compromised. Employees are also, of course, working from home where networks may not be secure or they may have spotty WiFi, which also increases the risk of cyber attack. Lastly, legacy systems that companies are used to relying on, were not built to manage the influx of remote access. Another security issue is that 49% of employees are working from home for the very first time and 20% received no tips or training on securing their devices or networks. Fifty-six percent of employees use their personal devices, but 25% don’t know what security protocols are on those devices. Seventy-five percent of employees would be likely to follow their company’s security protocols for remote work, but many companies are simply failing to implement security protocols. Part of this is due to the fact that companies faced a sudden transition to remote work and IT departments had very little time to prepare for such a huge change.

Not surprisingly, cyber criminals will, of course, continue their attacks on remote employees. They’ll continue using social engineering attacks, and targeting vulnerable devices and unsecured WiFI. Unfortunately, due to the nature of these attacks, 76% of companies will need more time to detect and contain breaches and 70% say that cost to deal with these breaches will increase.

Sixty percent of companies have implemented multi-factor authentication, but this type of security still has a lot of weaknesses. If there’s a password in use, then there’s a password to hack. Sixty-three percent of data breaches exploit reused or weak passwords. MFA does prevent 95% of bulk phishing attempts and over 75% of targeted attacks, but it’s not a perfect system due to the use of passwords. With the sudden Zoom boom in 2020, over 500,000 Zoom accounts were hacked using credential stuffing (using username/password combos collected in previous breaches.)

Fortunately, there is a better way. Passwordless security completely eliminates passwords and replaces them with cryptography and biometrics. This kind of security also includes risk-based authorization, which checks every user and every device to enforce stronger access controls. It creates a frictionless login with no out-of-band messages to be hacked.

Passwordless security is the future or cyber security for a remote access world.



Read next: Research Reveals Many Fortune 500 Companies Use Extremely Weak Passwords, Can Be Hacked Instantly

No comments:

Post a Comment