Cybersecurity – the practice of protecting the confidentiality, integrity and availability of an enterprise's IT assets from end-point to end-point.
Today’s computer networks are complex and decentralized, creating multiple points for hackers to attack. This fact alone makes cybersecurity both important and difficult for information technology (IT) administrators to achieve. These managers not only have to keep servers, operating systems and applications up to date, but are now also tasked with managing Bring Your Own Device (BYOD), the Internet of Things (IoT), the cloud, phishing, pharming, social engineering, and many other threats.
Because we live in the Internet age, IT managers also worry about the network security of other companies, something they have zero control over. Sending a simple email from one person to another may involve hundreds of vulnerabilities.
Despite all these attack points, whenever a data breach is reported in the news, the lack of strong passwords often gets blamed first. The main reason passwords are the easy scapegoat (especially in the media) is that people actually know what passwords are and everyone is frustrated with trying to manage them.
Password authentication is not the problem.
The management of passwords is the real security nightmare.
In our world of ever-increasing cyber-attacks, IT invests massive amounts of time, resources, and money to secure corporate networks and data, train employees to be wary of attacks, and perform 24/7 monitoring of data traffic to spot anomalies. Because there are no silver bullets, many different security technologies are utilized to address each potential threat, and often not in a coordinated fashion.
With so many vulnerability points for hackers to target, where should cybersecurity start? The first line of defense must be trusted authentication of the user. User authentication has to start when you turn on the computer, before the operating system is fully loaded. If authentication takes place behind the firewall, where Single Sign-On and One-Time Password technologies reside, it’s too late. For the vast majority of computers in the world today, an end-user implements authentication via a user name and password. That makes password authentication the elephant in the room everyone is ignoring.
Employees (or end-users) are the weakest link in any computer network for three reasons. First, they do a very poor job of generating passwords. The passwords they choose are easy to crack. Second, they can’t remember their passwords, so they write them down and store them in places where they (and others) can find them. And third, end-users are susceptible to social engineering schemes (aka human hacking) which hackers use to get people to voluntarily give up their passwords.
When employees are given the responsibility to generate, know, remember, type, and manage passwords, IT has inadvertently given employees the job title “Network Security Manager.”