With cybercriminals costing businesses $1 trillion in 2020 and only 70% of cybersecurity breaches detected within 12 months of an attack, organisations remain in urgent need of stronger controls on employee and IT password management.
That's according to Craig Lurey, chief technology officer and founder of password management provider Keeper Security. He explains that employee and IT passwords remain the biggest point of vulnerability to cyberattack.
"90% of employee passwords can be cracked in six hours or less," Lurey says. "81% of breaches are due to weak password security."
Because people have multiple passwords for work systems -- sometimes as many as 50 in regular use at one time -- they often choose passwords that are easy to remember. This is an even larger concern when so many are working remotely.
Issues must be tackled urgently to defend organisations of all sizes against the rise in targeted attacks, particularly ransomware, warns Lurey.
Placing password security front and centre of the cybersecurity strategy is key for every organisation -- as it only takes one breach of one weak password to do irreparable harm, Lurey says.
Soaring impacts of ransomware
Keeper surveyed 2,000 employees across the US whose employers suffered a ransomware attack in the previous 12 months. Results reveal a "domino effect" of rising impacts post-breach, with around half of respondents actually paying the ransom.
Phising emails caused 42% of ransomware attacks, malicious websites 23% and compromised passwords 21%, the report indicated.
- 77% suffered outages of systems or networks post-attack
- 28% of the outages lasted for a week or longer
- 26% suffered delays to their work for at least a week
- 71% of new software and updates were disruptive
- 64% of respondents lost login credentials or documents
- 38% reported experiencing program or application glitches
Password management is critical
Lurey says all organisations also need to know if policies are being followed and if passwords have been reused, as well as if they have been compromised and are being sold on the dark web.
"This is where Keeper comes in, with zero knowledge, zero trust architecture," Lurey says. "Our solution is loved by users and easily deployed."
Organisations should ensure that strong, unique passwords are adopted across all accounts and enable multi-factor authentication wherever it can be supported.
Keeper manages organisational passwords to prevent data breaches, improve employee productivity, cut helpdesk costs and meet compliance standards. It mandates granular, secure sharing of credentials and secrets and robust compliance via tracking, monitoring and logging of myriad event types.
Click here for a full demo of Keeper Password Manager -- available for the enterprise, MSP or individual.