The Future of Human Misconceptions of Risk the Blocker

Jasson Casey, CTO at Beyond Identity, Evaluates Human Misconceptions in the Cybersecurity Industry and Explains Why We Should Embrace Trust in Modern Technologies.

Humans have a natural desire to cling to the familiar, reject change, and place mistaken trust in what makes them feel safe.

How often do we need to be reminded that flying is safer than driving? Why do most people feel most secure in their homes even if the evidence points to the contrary? According to some studies, the number of injuries that require medical attention at home exceeds the sum of the numbers of injuries that require medical attention at work, in public settings, and in automobile accidents.

Technology falls within this same category. We avoid the unfamiliar and cling to the tried-and-true. Due to common misunderstandings, it might take months or even years for new inventions to be warmly received. However, once they’re there, we frequently can’t recall our lives without them.

Consider Edison’s commercialization of the lightbulb, which is today a standard piece of technology but took more than 40 years to gain widespread acceptance. Conventional wisdom once held that sensitive data and apps should not be trusted to the public cloud. It was a reasonable response, but nowadays, unavoidably, we frequently shift activities to the cloud for more security rather than putting them at risk.

Misplaced Trust in Passwords

The majority of cloud professionals continue to place an excessive level of faith in the usage and security of passwords, according to a recent study, which found that human fallacies about passwords are widespread.

More than 83% of them indicated trust in the security efficiency of passwords, with more than a third rating their confidence as “very high.”

The sobering fact that 80% of all breaches are the consequence of compromised identities, mostly as a result of the usage of passwords, makes these statistics uncomfortable to consider. Hackers nowadays log in by using credentials that have been stolen, not by breaking in.

The tedious and demanding routine of password management has a significant influence on security. Organizations continue to require regular password changes, which makes managing many passwords a burden for cloud professionals and an even less effective line of defense, so password security has become a problem.

More specifically, 60% of respondents stated it is difficult to remember various passwords, and 52% said they avoid this problem by often changing their passwords. Another 52%, in contrast, find the obligation to select lengthy passwords with digits and symbols annoying.

Threat Actors Are Drawn to Passwords

Passwords have proven to be a desirable target for threat actors, which increases the complexity. Fraudulent attacks are still prevalent, and many respondents acknowledged that they have unintentionally deleted or opened fraudulent emails. Contrary to popular belief, relying too much on passwords can expose organizations to cyberattacks and compromise their security even further.

Over a third of cloud professionals said they had reported between one and three phishing emails to their security team, 18% said they had reported between four and six, and nearly a quarter (23%) said they had reported seven or more.

Furthermore, 11% of respondents have received phishing emails but have not reported them, and 20% of respondents are unsure of whether they have ever unintentionally clicked on a phishing link. These statistics are concerning. Over a quarter (27%) admit to clicking on a phishing email, 11% to doing so more than once, and 5% report doing so on a regular basis. Nearly one-fifth (19%) of respondents reported that coworkers have clicked on a phishing email.

Password-Free Authentication Evolving: Can It Dispel Common Misunderstandings?

Organizations that use passwords to safeguard their data and customer accounts are in a risky situation because of the common user irritation and misconceptions about password-based authentication.

Concerningly, 74% of cloud professionals continue to support frequent password changes as an effective cybersecurity strategy, despite the drawbacks and weaknesses of password-based security.

Although MFA is becoming increasingly popular as an extra layer of protection, there has been an alarming rise in successful MFA bypass attacks, as seen by high-profile incidents involving companies like Coinbase, Twilio, Reddit, Uber, and most recently, MGM Casinos.

One of the difficulties with human perceptions is that the challenges organizations face have increased significantly since passwords were originally introduced more than 50 years ago. To provide a more effective defense against cyber-attacks in the current cybersecurity environment, organizations addressing the hazards that passwords create should start refocusing on next-generation ‘phishing-resistant’ MFA.

The Fast Identity Online (FIDO) Alliance has created standards to help with the transition to more secure, password-less authentication systems in recognition of the danger posed by passwords. At the highest levels of government, adopting such solutions is now advised.

Organizations are increasingly realizing how urgent it is to abandon outdated password systems and inadequate multifactor authentication (MFA) in favor of continuous authentication, which eliminates all shared secrets (passwords, codes, links, etc.) that criminals use to sow ransomware crops.

This strategy is advantageous for security and improves the user experience by getting rid of the annoying features of password management. It is a win-win that benefits all parties involved in maximizing cybersecurity.

We have access to current, secure authentication right now. However, by sticking with the known and employing passwords, users are essentially leaving the door open for attackers.

Furthermore, because people rely on passwords due to misunderstandings about cybersecurity, more cyberattacks happen, just like more medical accidents take place in the privacy of our homes. It’s time to close the front door permanently and welcome the new.

I have completed a Master in Arts from Amravati University. I am interested in a wide range of fields, from Technology and Innovation, Sports, Entertainment, and online marketing to personal entrepreneurship.