The struggle to fight against cybersecurity breaches is real. There has been a concerning increase in data breaches of late. Since the onset of the pandemic, the FBI reported a 300 percent rise in cybercrimes like spear-phishing.
Spear-phishing is a cybercrime that steals sensitive financial information via email. It tricks targeted people into clicking a link that redirects them to a site hosting malware. The malware is then downloaded onto the victim's device, infects it, and gains access to their data.
Even executives at top companies are not safe and have become victims of these scams. The State of the Phish report by Proofpoint surveyed 600 IT professionals across seven countries and found that 55 percent of organizations had fallen victim to at least one successful attack.
With the rise of employees working from home, organizations need to be vigilant and introduce policies to protect employees and their company’s interests from cybercrime.
The Role Of Password Protections
Humans, and machines worldwide, store approximately 300 billion passwords to log into confidential digital information. But, here’s the problem. Many people use the same password for multiple accounts.
If a hacker gains access to one particular password, other accounts can come under threat. According to Verizon’s Data Breach Report, in 2019 alone, the proportion of breaches related to hacking that used either lost or stolen online credentials stood at a staggering 81 percent.
That’s why it may come as no surprise to hear that some people are opting to use password managers instead, thereby keeping their passwords different but storing them all in one place for easy recall. Unfortunately, this is somewhat akin to ‘putting all of your eggs into one basket’—it is never a good idea to keep all of your sensitive data in one, hackable place.
Password managers can seem like a logical solution, but they are inherently risky. For starters, if you forget your master password for a password manager that lacks a reset feature, you’re stuck. Then, there is the issue of backing up your information. If you don’t take steps to back up your information and a server error occurs, you could lose your data. And if the provider does back up your information, is it safe from hacking?
Cybercriminals can easily hack password managers if your device becomes infected with their malware. Once they gain access to your master password, they have access to every one of your accounts.
Remembering multiple passwords has been a problem for many for a long time now. While password managers may solve it from an organizational perspective, they do nothing to better protect your sensitive information from cybercriminals.
That is why the ultimate solution is to go with passwordless technology. So much so that Gartner predicts that by 2022, 90 percent of midsize businesses will utilize passwordless authentication technologies during more than 50 percent of their login processes.
We can’t protect our sensitive data from every threat all of the time. For example, no matter how well we protect our financial authentication information, all bets are off if the bank we entrust our personal information with gets hacked.
Most hacks occur when people log into platforms unaware that their data has been hacked. Going passwordless is one way to add another level of protection against cyberthreats. That’s where asymmetric encryption comes in.
Many professionals use weak passwords, and it has become far too easy for hackers to gain access to login credentials when they are stored on multiple online verification databases.
Emir Ceric, the founder of Meveto, a company that provides passwordless authentication technology, sheds light on this and says, “Data breaches via password authentication hacks are one of the biggest problems globally. Everything is kept online, from banking, medical information, personal correspondence to photos. It’s all there, ready to be hacked.”
Asymmetric encryption can help to mitigate this problem through passwordless authentication systems that use dual-key cryptographic technology. On-site databases do not store password data. Instead, the credential is stored as a single lock that has two keys.
Asymmetric encryption is a more secure way to authenticate, as the private keys are decentralized on the user’s phone. This encryption adds an extra level of protection to sensitive personal information, as hackers cannot hack one place and set a “honeypot” or “honey trap” like they can with passwords.
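The dual-key login described above, as an added example that is not from the original article or from Meveto: the server enrolls only a public key and issues a random one-time challenge, and the phone proves possession of the private key by signing it. The choice of Ed25519, the user name "alice" and every function name are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Added sketch; names are assumptions. Server stores only public keys and pending nonces, never a password.
type Server struct {
	pubKeys map[string]ed25519.PublicKey
	pending map[string][]byte
}

func NewServer() *Server { return &Server{pubKeys: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}} }
func (s *Server) Register(user string, pub ed25519.PublicKey) { s.pubKeys[user] = pub }

// Challenge issues a fresh random nonce for one login attempt.
func (s *Server) Challenge(user string) ([]byte, error) {
	if _, ok := s.pubKeys[user]; !ok {
		return nil, fmt.Errorf("unknown user %q", user)
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[user] = nonce
	return nonce, nil
}

// Verify consumes the pending nonce (so a captured response cannot be replayed) and checks the signature.
func (s *Server) Verify(user string, sig []byte) bool {
	nonce, ok := s.pending[user]
	delete(s.pending, user)
	return ok && ed25519.Verify(s.pubKeys[user], nonce, sig)
}

// Device side (the user's phone): the private key is created and used here only.
func NewDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(rand.Reader) }
func Respond(priv ed25519.PrivateKey, nonce []byte) []byte { return ed25519.Sign(priv, nonce) }

func main() {
	srv := NewServer()
	pub, priv, _ := NewDeviceKey()
	srv.Register("alice", pub)
	nonce, _ := srv.Challenge("alice")
	sig := Respond(priv, nonce)
	fmt.Println("login:", srv.Verify("alice", sig), "replay:", srv.Verify("alice", sig))
}
```

A copy of the server's stored data yields only public keys, which verify signatures but cannot produce them, so there is no password list to steal and reuse.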
A Double-Edged Sword
Gartner predicts that the global information security market could surpass $170 billion by 2023. Technologies such as AI, machine learning, and the Internet of Things (IoT) have been pivotal in enhancing the speed and precision for companies to defend their data. But these advantages have come at a cost.
AI-enabled tools allow hackers to leverage artificial intelligence and automate malware to avoid antivirus software detection. For companies, this is quite troublesome, as it means that they will have to invest heavily in cyber risk mitigation to evolve as hackers do.
One thing remains clear. Companies must take cyber threats seriously. If they don’t, then they run the risk of becoming the next Sony Pictures hack.