By Michael Rothschild, October 20, 2022

INSIGHTS ARTICLE: HYPR - 15 Years – And It All Comes Back to Passwords


15 Years – And It All Comes Back to Passwords

The Verizon Data Breach Investigations Report (more affectionately known as "the DBIR") has reached a notable milestone: its 15th annual edition (which has to be at least three internet lifetimes). The 2022 report runs to 108 pages of detailed data and insight on attack types, attack surfaces, threat actors, and more, sliced and diced in so many ways that anyone who is anyone in the security community will find figures relevant to their role.
 
Along with new data, the 2022 DBIR marks its 15-year anniversary with a retrospective that sets key findings beside those of 2008. For those who have been in security for some time, these are among the most interesting parts of the report, because the 2008-to-2022 comparison shows both major shifts and stubbornly static trends. These nuggets help us understand the trajectory of threats and how we, as security ambassadors, should respond and architect our infrastructure for the future.
 
The Myth and Reality of the Insider Threat
Two findings stood out to me. For years we talked about the "insider threat": the idea that an organization's most valuable asset, its people, was also its biggest risk. The 2022 DBIR reports that 82% of breaches involved a human element, yet the large majority of attacks came from outside the organization. This is not to say insiders played no role, but the good news is that most employees, partners, and subcontractors, who are all insiders, did not knowingly or purposefully contribute to an attack. With ongoing education and reinforcement of good security practice for our "most expensive asset," organizations are well on the way to pushing the number of unintentional insider incidents downward. More important still is to eliminate the opportunities for those unintentional breaches, which brings me to the second finding.
 
Credentials, Credentials, Credentials
The second glaring metric was the role of credentials in attacks. Phishing, smishing, adversary-in-the-middle (MitM) relays, brute force, credential stuffing, and social engineering both online and offline are all built to lift passwords and other credentials and use them to get into a system. A valid credential is the skeleton key that lets an attacker perform reconnaissance and launch attacks anywhere, anytime, and however they want. Whether the goal is harvesting data, ransoming information, taking down a system, or causing a catastrophic failure, most attacks can be traced back to a stolen, compromised, or misused password.
 
The Achilles heel of most organizations is the password itself. Passwords were originally conceived to book time on shared mainframes; they were never designed to be a form of authentication or security, let alone the security staple we have made them today. Over time we have layered extra factors on top of the password, such as one-time passwords, hardware tokens, and push notifications, but these never delivered the level of security needed: a one-time code or a push approval still rides on a shared secret or a user decision, so it can be relayed through a phishing page in real time or worn down by repeated prompts. What they mostly delivered was a false sense of security and a great deal of friction for users. In essence, we are in much the same position we were in 15 years ago.
 
Remove Passwords, Remove the Risk
Moving forward, organizations need to remove passwords from their security arsenal. That does not mean running everything wide open; it means adopting multi-factor authentication (MFA) that is passwordless and phishing-resistant. Phishing-resistant MFA is recommended in guidance from CISA, the US Office of Management and Budget (OMB), and governments around the world, with FIDO-certified authentication the designated gold standard. Instead of relying on a string of letters and numbers, we can go passwordless in a way that eliminates shared secrets entirely. The server sends a fresh challenge, and the user's device signs it with a private key that never leaves the device and is bound to the site that registered it; the server verifies the signature with the matching public key. A spoofed site cannot obtain a signature the real site will accept, so there is no reusable credential left for an attacker to harvest, relay, or stuff.
 
With attack surfaces and attack vectors changing constantly, organizations need to look at how people authenticate and gain access to systems, starting at the desktop and extending to the cloud. Taking the password out of the picture, as the origin of so many other attacks, puts us as a community in a far stronger position than we are in today. We can fix the way the world logs in, and we do not have to wait another 15 years to do it; the change can start right here, right now.