Jason Casey, CTO of Beyond Identity, assesses human misconceptions in the cybersecurity industry and explains why you should trust modern technology.
Human misconceptions include an innate tendency to cling to what is familiar, resist change, and develop a false sense of confidence in what is reassuring.
How often do we have to be told that flying is safer than driving? Although the statistics pile up to prove otherwise, most of us feel safest staying at home. Why do we feel that way? Some studies even suggest that the number of medically consulted injuries that occur in the home is higher than the total number of medically consulted injuries that occur in public places, at work, and in car accidents combined.
The same can be said about technology. We are wary of the new and cling to the familiar. Due to human misunderstandings, new innovations can take months or even years before they are welcomed with open arms. But once they exist, we often can’t remember life without them.
For example, consider Edison’s commercialization of the light bulb. Although the technology is now ubiquitous, it took more than 40 years for it to be accepted by the masses. Until recently, conventional wisdom held that public clouds should not be trusted for critical data and applications. That was a natural reaction, but now, out of necessity, we often send operations to the cloud for added security rather than regarding the cloud itself as the risk.
Today, the same unconventional logic applies when it comes to passwords. As the volume of cyber threats continues to grow, it is becoming clear that relying on traditional password-based security is now more of a hindrance than an aid in the fight against cybercrime.
Despite the obvious vulnerabilities and growing user dissatisfaction associated with passwords, many organizations rely on them as a core component of their security strategy. But it’s only a matter of time before we retire passwords and embrace more secure alternatives…surely?
False confidence in passwords
Recent research revealed that human misconceptions regarding passwords are widespread. Most cloud professionals continue to place too much confidence in the use and security of passwords.
Additionally, an overwhelming 83% express confidence in the security effectiveness of their passwords, with more than a third declaring their confidence to be “very high.”
But these numbers sit uncomfortably alongside the harsh reality: 80% of all breaches are primarily due to compromised identities through the use of passwords. Now, instead of breaking in, hackers reuse stolen credentials to log in.
Repetitive and demanding password management routines also have significant security implications. While many cloud professionals manage multiple passwords every day, organizations continue to require passwords to be changed frequently, making password security less of an effective defense and more of a hassle.
Specifically, more than half (60%) of respondents say they find it tedious to remember multiple passwords, and 52% say they change their passwords regularly. An additional 52% are frustrated by having to choose long passwords that include numbers and symbols.
Passwords attract threat actors
In addition to their complexity, passwords have proven to be an attractive target for threat actors. Phishing attacks remain common, with many respondents admitting to having flagged or accidentally clicked on a phishing email. Contrary to human misconception, relying on passwords can unintentionally expose your organization to cyberattacks and further jeopardize your security.
When asked if they have ever received a phishing email and reported it to their security team, over a third of cloud professionals had reported between 1 and 3, 18% had reported between 4 and 6, and nearly a quarter (23%) had flagged seven or more.
Even more concerning, 11% have received a phishing email but have not reported it, and one-fifth (20%) of respondents have no confidence at all that they have never accidentally clicked on a phishing link. Almost a fifth (19%) say a colleague has clicked on a phishing email, and more than a quarter admit to having clicked on one themselves. 11% said they had clicked more than once, and 5% said they clicked regularly.
Evolving passwordless authentication: Can human misconceptions be overcome?
User frustration with password-based authentication and widespread human misconceptions create a precarious situation for organizations that rely on passwords to protect their data and customer accounts.
Even more concerning is that despite the frustrations and vulnerabilities associated with password-based security, 74% of cloud professionals still believe in the effectiveness of regular password changes as a cybersecurity measure.
While the popularity of multi-factor authentication (MFA) as an additional layer of security is a positive trend, there has been an alarming increase in successful MFA bypass attacks, as seen in high-profile incidents such as those at Coinbase, Twilio, Reddit, Uber and, most recently, MGM Casino.
One of the challenges of human misunderstanding is that the threats facing organizations have increased significantly since passwords were first introduced over half a century ago. In today’s cybersecurity landscape, organizations focused on addressing the risks passwords create are beginning to shift their focus to next-generation “phishing-resistant” MFA to provide more robust protection against cyber threats.
Recognizing the vulnerability posed by passwords, the Fast Identity Online (FIDO) Alliance has developed standards to guide the transition to more secure, passwordless authentication systems. Adoption of such solutions is now encouraged at the highest levels of government.
Organizations are beginning to see an increased need to transition away from traditional password systems and weak MFA and to focus on continuous authentication, which eliminates all the shared secrets (passwords, codes, links, etc.) that criminals harvest to plant their ransomware crops, and is designed to accelerate the transition to a Zero Trust security paradigm.
This approach is beneficial for security and improves the user experience by eliminating the tedious aspects of password management. This is a win-win for all parties working to maximize cybersecurity.
Modern, secure authentication is at our fingertips. But while people continue to cling to the familiarity of passwords, they are effectively leaving out a welcome mat for attackers.
Additionally, just as medical incidents mount up in the supposed safety of the home, cyber-attacks will also increase as human misconceptions about cybersecurity lead to reliance on passwords. It’s time to embrace the new and close the front door once and for all.