Cyber security is a concern that is pervasive across enterprises. A recent Deloitte study found that companies spend roughly $2,700 on each full-time employee for security each year. For companies with large workforces, that can add up to millions. But many enterprises now hold every staff member responsible for it, as all the spending in the world won’t matter if you’re using passwords, and the weak security they provide, in your authentication processes. As technology is used in every aspect of our daily lives in this digital Smart Nation, we all need to stay cyber-safe. The benefits of digitization are clear, but is your business vulnerable to cyber risks and threats?
Our author, Mr. Jerry Lim, shares the common cybersecurity challenges and suggestions to mitigate them.
Internet security firm SplashData releases a list of the worst passwords, comprising the most common passwords of 2022, and it is no surprise that the 5 most common passwords are:
- 123456
- 123456789
- qwerty
- password
- 12345
In fact, one of the factors that led to the SingHealth cyber-attack and data breach was the use of weak administrative passwords. During that period, the personal particulars of 1.5 million SingHealth patients, including Singapore’s Prime Minister, were stolen. In this instance, one local administrator account had used “P@ssw0rd” as a password, which could have been easily deciphered.
This is one example showing that people, and in this case passwords, are potentially the weakest link in information technology cyber defence. Thus, it is important for an organization to take greater ownership of this area as part of its cybersecurity as a whole. Having a strong password policy in the organization will set a definite tone for how employees create and use passwords. While the organization may not be able to have 100% control of users’ activities, a policy enables it to guide employees towards their own cyber safety and, in turn, strengthen the entire organization’s cyber security.
Some of the suggested good practices are as follows:
- Ban common passwords – This will reduce your organization’s susceptibility to unsophisticated password attacks.
- Enforce Multi-Factor Authentication – Provides an additional layer of security, as it requires at least two authentication factors to access an account – something you know (a password), something you have (a one-time authentication code generated), and something you are (fingerprint).
- End-user education – At the end of the day, education and awareness matter! This is especially important when cybercrime is constantly evolving and getting more sophisticated. One of the most important messages to get across to users in your organization is to not reuse their organization password anywhere else.
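One way to implement the "ban common passwords" practice, shown as an added example rather than code from the article or its author: a deny-list check that also undoes case changes, common character substitutions and trailing digits or symbols, so that "P@ssw0rd" is rejected along with "password". The deny-list is only the five passwords quoted above, and the substitution table and the function name `banned_match` are assumptions of this example.

```python
import re
import unicodedata
from typing import Optional

# Deny-list seeded with the five passwords quoted in the article.
# Assumption: a real deployment would load a much larger common-password list.
BANNED = {"123456", "123456789", "qwerty", "password", "12345"}

# Common character substitutions mapped back to letters (assumed table).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

# Trailing run of digits, symbols or underscores, e.g. the "2022!" in "Qwerty2022!".
TRAILING_DECORATION = re.compile(r"[\W\d_]+$")


def banned_match(candidate: str) -> Optional[str]:
    """Return the deny-list entry the candidate reduces to, or None if it passes."""
    # Fold Unicode look-alikes (full-width forms etc.) and letter case first.
    folded = unicodedata.normalize("NFKC", candidate).casefold()
    # Remove decoration users append to satisfy "digit and symbol" rules.
    stripped = TRAILING_DECORATION.sub("", folded)
    # Check the raw forms before the substituted forms, so that all-digit
    # entries such as "123456" are compared before digits are mapped to letters.
    for variant in (folded, stripped,
                    folded.translate(LEET), stripped.translate(LEET)):
        if variant in BANNED:
            return variant
    return None


if __name__ == "__main__":
    # Constructed sample inputs, including the password named in the article.
    for pw in ["P@ssw0rd", "123456", "Qwerty2022!", "P@$$w0rd1",
               "correct horse battery staple"]:
        hit = banned_match(pw)
        verdict = f"rejected (variant of '{hit}')" if hit else "accepted"
        print(f"{pw!r}: {verdict}")
```

A check like this belongs at password creation and change time, on the server side, so that it applies to every account including local administrator accounts.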
As the common proverb says, “A chain is only as strong as its weakest link”. Whether a hacker can break into critical systems depends on the weakest link and the individual’s level of cyber defence. Therefore, never underestimate the importance of having strong password practices for your organization.
Find out how GICG can support you in your journey towards cybersecurity.
Author: Mr. Jerry Lim
Founder of Megapixel Solutions LLP
Full stack developer & Project Manager
Expert Singapore Certified Management Consultant (ESCMC)
Reference:
https://www.beyondidentity.com/blog/cost-passwords
https://techcult.com/most-common-passwords/
https://www.straitstimes.com/singapore/hacked-singhealth-server-had-not-had-security-update-for-14-months-cyber-attack-coi-finds
https://www.zdnet.com/article/singhealth-data-breach-reveals-several-inadequate-security-measures/
https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide
