Guess what? Your passwords are worthless.
Passwords alone are essentially not secure enough. When it comes to your web-based and external business applications, a single form of authentication is too weak, regardless of how difficult you think your password may be to guess. Yes, you should absolutely follow all the best practices, including complexity, length, uniqueness, privacy/storage method, periodic changes and so on. However, even if you follow all the best practices, you are left highly exposed if you are not using multi-factor authentication. Further still, privileged access management software is something to consider. And so is a secure access gateway, for all things business…
To be clear, what I am saying is that your account security is almost everything but the password. With spearphishing attacks and other methods, hackers are in many cases eventually getting your password if they want it. Once a hacker has acquired the credentials with the privileges they need, they own you. They really do. Also, there are databases today with billions of passwords stored and being sold on the dark web, which have been harvested from authentication systems, e-commerce sites and social networks. Those credentials are being peddled, searched and used to hack and attack indiscriminately across the globe daily.
Today, businesses must operate and perform threat modeling under the assumption that the password is compromised, and then think about what security measures are in place as the next line of defense. A password simply cannot be the last line of defense. What will you do to prevent hackers from accessing your network when they have your password? That is the real question. It’s not a matter of if, it is a matter of when they will have it. Those are the questions APM is answering for clients every day, particularly those who are willing to face this reality and to listen, learn, plan, act and implement.
I have found that it does not matter how large or small the organization; in large part this risk exposure within organizations is being ignored or dealt with incompletely. So many managers and executives simply bury their heads in the sand, blatantly ignoring the security risks and the advice presented here. The time of ignoring risk exposure has passed, no matter the size of your business. Single authentication systems exposed on the internet in your business could be your single biggest security risk, yet one of the easiest to fix. Multi-factor authentication is not an end-all solution, but it will drastically improve your security posture and significantly decrease the risk of data compromise.
Don’t just start thinking about multi-factor; implement it today, across all of your internet-accessible applications and services. If you are just starting, then speed up. MFA is a baseline security measure today, not some fringe technology. I have said time and again, you should have had MFA a year ago. Not having it is like an engraved invitation for hackers to control, steal, encrypt and destroy your critical business data and operations.
APM Featured Security Partners:
At APM we rely on dozens of Security vendors and manufacturers to fulfill the services we provide to our customers on a daily basis. Every month we feature a select Security Partner to help educate our audience on principles and key technologies, so that organizations can make better decisions and implement stronger security controls to protect their data assets. Our latest featured Partners include:
APM is proud to feature Thycotic Security as our Privileged Account Management Partner. APM has over 7 years of experience working with Thycotic PAM.