By Michael Rothschild
January 06, 2023

INSIGHTS ARTICLE: HYPR - 15 Years – And It All Comes Back to Passwords


15 Years – And It All Comes Back to Passwords

The Verizon Data Breach Investigations Report (more affectionately known as “The DBIR”) reached a notable milestone. The 15th annual edition was released (and that has to be at least three internet lifetimes). The DBIR report contains 108 pages of detailed information and insights regarding types of attacks, attack surfaces, attack actors, and more. The data is sliced and diced in so many ways that everyone who is anyone in the security community will find interesting data relevant to their role.
 
The 2022 DBIR did a great job of not only releasing new data but also, with a nod to its 15-year anniversary, taking a retrospective look at some key findings and relating them back to the findings of 2008. These are some of the most interesting elements of the report for those who have been in security for some time, because there have been both major changes and static trends from 2008 to 2022. These nuggets of information can help us better understand the trajectory of threats and how we, as security ambassadors, should react and help architect our infrastructures for the future.
 
The Myth and Reality of the Insider Threat
Two specific report elements really stood out to me. For years, we consistently talked about the “insider threat.” Specifically, how an organization’s most valuable asset, namely its people, constituted the biggest threat. In the 2022 DBIR report, while 82% of the attacks involved a human element, most of the attacks came from outside the organization. This is not to say that insiders played no role, but the good news is that most employees, partners, and subcontractors, who are all insiders, did not knowingly or purposefully contribute to an attack. With ongoing education and reinforcement of best security practices to our “most expensive asset,” organizations are well down the road to making the number of unintentional insider threats trend downward. Even more important, however, is to eliminate opportunities for unintentional breaches. This brings me to the second element.
 
Credentials, Credentials, Credentials
The second glaring metric was the use of credentials in an attack. Attacks such as phishing, man-in-the-middle (MitM), smishing, brute force, credential stuffing, and social engineering (both online and offline) are all architected to lift passwords and other credentials to gain access to a system. This is the master skeleton key that gives hackers and cybercriminals the portal to perform reconnaissance and launch attacks anywhere, anytime, and anyhow they want. Whether harvesting data, ransoming information, taking down a system, or causing a catastrophic failure, most attacks can be traced back to a stolen, compromised, or misused password.
 
The Achilles heel of most organizations is the use of the password. Passwords were originally conceptualized and used to book time on mainframe computers; they were never meant to be a form of authentication or security. They certainly were not meant to serve as a security staple in the way we use them today. And while over time we have added layers of protection on top of the password, such as one-time passwords, tokens, and push notifications, these never lived up to the level of security needed. All they really did was provide a false sense of security and add a ton of friction to the user experience. So, in essence, we are in a very similar position to where we were 15 years ago.
 
Remove Passwords, Remove the Risk
Moving forward, organizations need to remove passwords from their security arsenal. This, of course, does not mean that we should run everything wide open, but rather that we need to adopt multi-factor authentication (MFA) that is passwordless. Phishing-resistant MFA is recommended in guidance put out by CISA, the OMB and many countries all over the world, with FIDO certification the designated gold standard. Instead of relying on a string of letters and numbers to keep things secure, we can go passwordless in a way that completely eliminates shared secrets. By using public and private key exchanges that are invoked by the user, rather than by a server (which can easily be spoofed), credentials are removed as an avenue of attack.
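
The idea of a key-based login with no shared secret, shown as an added example that is not part of the original article and is not HYPR's code or the FIDO/WebAuthn wire format. It is a simplified sketch: the origin names, the `Authenticator` type and the message layout are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Authenticator holds a private key that never leaves the user's device.
type Authenticator struct{ priv ed25519.PrivateKey }

// Register creates a key pair; only the public key is sent to the server.
func Register() (*Authenticator, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Authenticator{priv}, pub
}

// signedData binds the server's challenge to the origin the client is on.
// (Assumed layout for this sketch: origin, a zero byte, then the challenge.)
func signedData(origin string, challenge []byte) []byte {
	return append([]byte(origin+"\x00"), challenge...)
}

// Sign is invoked by the user on the device for the origin actually visited.
func (a *Authenticator) Sign(origin string, challenge []byte) []byte {
	return ed25519.Sign(a.priv, signedData(origin, challenge))
}

// Verify is the server-side check; the server stores no secret to steal.
func Verify(pub ed25519.PublicKey, expectedOrigin string, challenge, sig []byte) bool {
	return ed25519.Verify(pub, signedData(expectedOrigin, challenge), sig)
}

// NewChallenge returns a fresh random nonce for one login attempt.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

func main() {
	const site = "https://login.example.test" // constructed origin
	auth, pub := Register()
	ch := NewChallenge()
	fmt.Println("genuine login:", Verify(pub, site, ch, auth.Sign(site, ch)))
	// A signature made on a lookalike page fails when relayed to the real site.
	relayed := auth.Sign("https://login.examp1e.test", ch)
	fmt.Println("relayed from lookalike:", Verify(pub, site, ch, relayed))
	// A captured signature fails against the next login's fresh challenge.
	fmt.Println("replayed:", Verify(pub, site, NewChallenge(), auth.Sign(site, ch)))
}
```

Unlike a password or one-time code, nothing the user produces here is reusable: the signature is valid only for one challenge and one origin, and the server database holds only public keys.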
 
With constantly changing attack surfaces and attack vectors, organizations need to look at how people authenticate and gain access to systems, starting with the desktop and extending to the cloud. Our ability to conquer the password issue as the origin for many other attacks will put us in a remarkably more secure position as a community than we are today. We can fix the way the world logs in, and we do not have to wait another 15 years to effect this change right here, right now.
 
