Cloud professionals ‘overly attached to password-based security’


Most cloud professionals remain overly attached to the use of passwords despite their inherent security vulnerabilities, value as a target for threat actors, and widespread frustrations around password hygiene requirements.

This is one of the key findings from research conducted by Beyond Identity, a provider of passwordless, phishing-resistant MFA.

The survey of more than 150 cloud industry professionals was conducted at the recent Cloud Expo Europe event and revealed that over four-fifths (83%) of cloud professionals are confident about passwords’ security effectiveness, with over a third (34%) saying they’re very confident. This is despite the fact that insecure password practices are regularly exploited in cyber attacks worldwide, with 80% of all breaches using compromised identities.

Asked about their experiences of using passwords, the research revealed a range of frustrations cloud professionals face with hygiene requirements for password-based systems. Over half of respondents (60%) find it frustrating to remember multiple passwords, 52% are frustrated by having to regularly change their passwords, while another 52% are frustrated by the requirement to choose long passwords containing numbers and symbols.

The number of passwords used daily by cloud professionals further underlines these challenges: a quarter of respondents (26%) use four to five passwords, with 10% using 10 or more passwords daily. Adding to the difficulties password users face, many organisations require frequent password changes, with 38% suggesting quarterly updates, 27% monthly changes, and 6% recommending daily or weekly changes. This can be an arduous task, while amounting to minimal security benefits.

The survey also confirms the value of passwords as a target for threat actors, with phishing attacks remaining prevalent. When asked if they’ve ever received a phishing email which they’ve flagged to their security team, over a third of cloud professionals claimed they’d flagged one to three, 18% flagged four to six, and nearly a quarter (23%) flagged seven or more. More worryingly, 11% have received but not flagged a phishing email and one fifth (20%) of respondents simply aren’t sure if they’ve ever accidentally clicked on a phishing link. Nearly one fifth (19%) said colleagues have clicked on a phishing email, and over a quarter admit to doing it themselves: 11% say they’ve done it more than once, and 5% said they do it regularly.

Patrick McBride, co-founder of Beyond Identity, said: “Widespread user frustration represents a dangerous situation for organisations using password-based systems to protect their data in the face of continued phishing attacks. This survey shows an alarming displaced confidence from cloud professionals – the bottom line is you can’t have effective security and advance to meet the promise of Zero Trust Security if you are still using passwords.”

Despite continued attacks targeting credentials and frustrations over password hygiene requirements, the majority of cloud professionals (74%) still believe regularly changing passwords is good cybersecurity practice. Most cloud organisations (82%) use Multi Factor Authentication (MFA) as an added layer of authentication, with the most popular MFA being a Mobile Authenticator App. When asked their opinion on MFA, the general feeling was positive, with over half (55%) claiming to be ‘very confident’ in it as a security measure. This is despite there being an alarming number of successful MFA bypass attacks over the last year, most notably the high-profile cases of Coinbase, Twilio, Reddit, Uber, and Okta. 

“Passwords have been used in IT for more than 60 years, but cyber threat actors have driven them into redundancy. And now with MFA-bypass attacks on the rise, it’s essential to move beyond first-generation Multi-Factor Authentication (MFA) that uses one-time-passwords and push notifications, and adopt next-generation ‘phishing-resistant’ MFA for a more effective defence against cyber risks,” added McBride. 

Heightened awareness is needed of the distinction between good MFA and outdated MFA that still relies on passwords. The FIDO Alliance (Fast Identity Online) has developed standards to combat the acute vulnerability posed by passwords, and FIDO-based solutions are now recommended at the highest levels of government.

“If you want to eliminate the risk of a breach, you need these foundational systems in place. This research highlights a critical need for cloud organisations to update their prehistoric systems and focus on passwordless authentication and phishing-resistant MFA,” concluded McBride. 

  • Duncan MacRae