Dynamic Cyberattacks Call For Intensified Dynamic Password Control Through Automation
By: Matthew Vulpis
Originally published on TechZone 360
When the Covid-19 pandemic began, organizations across all industries were forced to go digital, which unfortunately led to a boom-time for potential cybercriminals. Reports of cybercrime shot up by almost 70 percent in the US compared to 2019, as the lockdown created an ideal environment for cybercriminals, with phishing and ransomware remaining the most common approach, accounting for 33 percent of cyberattacks.
It’s for these reasons that the shift to digital during COVID-19 puts cybersecurity risk at the forefront of organizations’ concerns. According to a survey done by MetricStream, nearly half of survey respondents (48.91%) listed cybersecurity as their top business risk, and this was even more prevalent among respondents in the Banking and Financial Services Industry (52.94%).
“Both inherent risk and residual risk is increasing, driven by global connectivity and usage of cloud services, meaning business leaders can no longer solely rely on out-of-the-box cybersecurity solutions like antivirus software and firewalls,” said Furkan Kirmaci, Product Owner at Ironsphere, a software and privileged access management company. “With cybercriminals getting smarter and their tactics becoming more resilient to conventional cyber defenses, cybersecurity must be a priority for organizations today.”
One area of cybersecurity that is becoming increasingly important amongst all industries is password protection. The recent “Future of Authentication” report found that for 73 percent of smaller organizations and 45 percent of larger organizations, passwords are still a key part of security management.
It was also found that 48 percent of IT professionals viewed passwords as moderately secure or below compared to other methods, meaning while passwords are still the most widely used form of security, they are clearly not the most secure.
However, with new dynamic password techniques, organizations can strengthen their defenses against potential cybercriminals, keeping both their and their customer’s data safe and secure.
“The basic definition of a dynamic password is a password that does not remain the same, meaning it will constantly change and is based on the authentication method,” said Kirmaci. “New dynamic password control technology, such as Ironsphere’s, is convenient because passwords do not have to be remembered, and because the password is never the same, they serve as a major roadblock for hackers who may be looking to break into privileged user accounts.”
A dynamic password controller is a password vault that stores and rotates SSH keys and passwords of privileged accounts centrally and securely. The technology generates searchable log records and audit trails to meet security and compliance requirements. Having a dynamic password controller offers an organization a myriad of security benefits, which is why the technology is quickly being accepted by businesses across all sectors, pushing static passwords to the brink of extinction.
To start, with dynamic password control, maximum password strength is ensured through randomly generated, one-time passwords, which greatly increases the difficulty of accessing privileged accounts via passwords for cybercriminals.
On top of this, privileged users can request a reservation for a password checkout, which is extremely beneficial for maintenance activities, and when there is a specific time slot during which the user needs to access the device. If a user reserves the password for a specific time frame, another user cannot check it out during that time frame, meaning only one user can use the password at a time for peak security.
Finally, the possibility of a password being leaked or found out via sharing is virtually zero. Because dynamic password control ensures no employee knows or even sees the randomly generated passwords, this prevents employees from being able to share passwords with other co-workers.
“Dynamic password controllers, like Ironsphere’s, are In line with a zero-trust/zero-knowledge policy, as the privileged user is only required to know their individual access credentials,” said Kirmaci. “This ensures the passwords are not shared among employees, and because the passwords are only valid for a limited time, even if an employee shares, it would not matter.”
As the world continues to become more digitized, the volume of concerns towards cybersecurity will only increase. And with an estimated 81% of data breaches occurring due to poor password security, while dynamic passwords are not the newest innovation in cybersecurity, they will play a big part in fighting against hackers looking for an easy cyber attack opportunity.
“Password management for several privileged accounts on its own is a cumbersome task, and adding security, compliance, and audit layers requirements on top of that makes it virtually impossible to manage without a specialized system,” said Kirmaci. “Dynamic password controllers, like Ironsphere’s, can reduce risk immensely, letting organizations and employees rest easy knowing their privileged accounts are safe and secure from vicious cyberattacks.”
While we all instantly understand the motivation for cyber criminals to steal data from financial services companies, retailers, and other transaction-related businesses, it’s less obvious why healthcare is one of the top targeted industries when it comes to security breaches.
Reports of cybercrime shot up by almost 70 percent in the US compared to 2019, as the lockdown created an ideal environment for cybercriminals. However, phishing and ransomware remained the most common approach, accounting for 33 percent of all cyberattacks.
For organizations looking to break beyond the limitations that traditional cloud-based networks impose, edge computing can make all the difference. Often touted as the “next big thing,” edge solutions have started to become common practice in many industries, thanks to the introduction of new technology such as the Internet of Things (IoT) and its various devices, as well as 5G.