Michael Rothschild
July 15, 2023

INSIGHTS ARTICLE: HYPR - 15 Years – And It All Comes Back to Passwords.


15 Years – And It All Comes Back to Passwords

The Verizon Data Breach Investigations Report (more affectionately known as “The DBIR”) reached a notable milestone: the 15th annual edition was released (and that has to be at least three internet lifetimes). The DBIR report contains 108 pages of detailed information and insights regarding types of attacks, attack surfaces, attack actors, and more. The data is sliced and diced in so many ways that everyone who is anyone in the security community will find data relevant to their role.
The 2022 DBIR did a great job of not only releasing new data but also, with a nod to its 15-year anniversary, taking a retrospective look at some key findings and relating them back to the findings of 2008. These are some of the most interesting elements of the report for those who have been in security for some time, because there have been both major changes and static trends from 2008 to 2022. These nuggets of information can help us better understand the trajectory of threats and how we, as security ambassadors, should react and help architect our infrastructures for the future.
The Myth and Reality of the Insider Threat
Two specific report elements really stood out to me. For years, we consistently talked about the “insider threat.” Specifically, how an organization’s most valuable asset, namely its people, constituted the biggest threat. In the 2022 DBIR report, while 82% of the attacks involved a human element, most of the attacks came from outside the organization. This is not to say that insiders played no role, but the good news is that most employees, partners, and subcontractors, who are all insiders, did not knowingly or purposefully contribute to an attack. With ongoing education and reinforcement of best security practices to our “most expensive asset,” organizations are well down the road to making the number of unintentional insider threats trend downward. Even more important, however, is to eliminate opportunities for unintentional breaches. This brings me to the second element.
Credentials, Credentials, Credentials
The second glaring metric was the use of credentials in an attack. Phishing, man-in-the-middle (MitM), smishing, brute force, credential stuffing, and social engineering (both online and offline) are all attacks architected to lift passwords and other credentials in order to gain access to a system. A stolen credential is the master skeleton key that gives hackers and cybercriminals the portal to perform reconnaissance and launch attacks anywhere, anytime, and anyhow they want. Whether harvesting data, ransoming information, taking down a system, or causing a catastrophic failure, most attacks can be traced back to a stolen, compromised, or misused password.
The Achilles heel of most organizations is the use of the password. Passwords were originally conceptualized and used to book time on mainframe computers; they were never meant to be a form of authentication or security. They certainly were not meant to serve as a security staple in the way we use them today. And while, over time, we have added layers of protection on top of the password, such as one-time passwords, tokens, and push notifications, these never lived up to the level of security needed. All they really did was provide a false sense of security and add a ton of friction to the user experience. So, in essence, we are in a very similar position to where we were 15 years ago.
Remove Passwords, Remove the Risk
Moving forward, organizations need to remove passwords from their security arsenal. This, of course, does not mean that we should run everything wide open, but rather that we need to adopt multi-factor authentication (MFA) that is passwordless. Phishing-resistant MFA is recommended in guidance put out by CISA, the OMB and many countries all over the world, with FIDO certification the designated gold standard. Instead of relying on a string of letters and numbers to keep things secure, we can go passwordless in a way that completely eliminates shared secrets. By using public and private key exchanges that are invoked by the user, rather than by a server (which can easily be spoofed), credentials are removed as an avenue of attack.
With constantly changing attack surfaces and attack vectors, organizations need to look at how people authenticate and gain access to systems, starting with the desktop and extending to the cloud. Conquering the password issue, the origin of so many other attacks, will put us in a far more secure position as a community than we are in today. We can fix the way the world logs in, and we do not have to wait another 15 years to make this change; we can do it right here, right now.
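As an added illustration that is not part of the original article or of any HYPR product, the Go sketch below shows why user-invoked public-key authentication removes the shared secret and resists a spoofed server: the authenticator only signs for an origin it was registered with, and the relying party only accepts a signature over its own origin and the exact challenge it issued. The `Authenticator` type, the origins and the nonces are constructed for this example, and the signed-data layout is a simplification of the real FIDO client data, not the actual wire format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authenticator: one key pair per relying-party origin (simplified FIDO model, constructed for this example).
type Authenticator struct{ keys map[string]ed25519.PrivateKey }

func NewAuthenticator() *Authenticator { return &Authenticator{keys: map[string]ed25519.PrivateKey{}} }

// Register mints a key pair bound to origin; the site stores only the public half, so there is no shared secret to steal.
func (a *Authenticator) Register(origin string) ed25519.PublicKey {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	a.keys[origin] = priv
	return pub
}

// signedData binds the challenge to the origin the browser reports, as FIDO signs over client data containing the origin.
func signedData(origin string, challenge []byte) []byte {
	sum := sha256.Sum256(append([]byte(origin+"\x00"), challenge...))
	return sum[:]
}

// Sign answers only for an origin that was registered: a look-alike phishing site has no key and gets no signature.
func (a *Authenticator) Sign(origin string, challenge []byte) ([]byte, bool) {
	if priv, ok := a.keys[origin]; ok {
		return ed25519.Sign(priv, signedData(origin, challenge)), true
	}
	return nil, false
}

// Verify is the relying party's check over its own origin and the exact challenge it issued, so replay fails.
func Verify(pub ed25519.PublicKey, origin string, challenge, sig []byte) bool {
	return ed25519.Verify(pub, signedData(origin, challenge), sig)
}

func main() {
	auth, site, ch := NewAuthenticator(), "https://bank.example", []byte("nonce-from-server-1")
	pub := auth.Register(site)
	sig, _ := auth.Sign(site, ch)
	fmt.Println("genuine login verifies:", Verify(pub, site, ch, sig))
	_, phished := auth.Sign("https://bank-example.invalid", ch) // look-alike site relaying the real challenge
	fmt.Println("spoofed origin gets a signature:", phished, "| replay verifies:", Verify(pub, site, []byte("nonce-2"), sig))
}
```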