By: Krupa Srivatsan, Director of Product Marketing at Infoblox
Let’s be honest, our digital lives have us drowning in passwords. The average person manages anywhere between 60 and 90 password-protected accounts–a number that goes up for IT professionals. In an ideal world, each password would be a unique set of randomly generated characters and numbers. But that doesn’t really happen.
A 2019 Google study found that 75% of the Americans admit to struggling with so many passwords, that many end up reusing the same password across multiple accounts. As a result, your office assistant may be using the same password for his/her system login as for social media – a scary thought but a very real one.
Weak passwords represent a cybersecurity threat for organizations already struggling with security compliance during remote work and the blurring of personal and professional spaces. In fact, more than 80% of data breaches involved brute force or stolen credentials.
Organizations need to take a few extra steps to ensure that they don’t compromise on security while their employees are working at home. Improved last-mile endpoint security solutions paired with password best practices can help improve network security. Some techniques include:
In 2019, 76% of businesses that fell prey to phishing attacks did so through fraudulent emails. Relying on end users to stay alert to constantly evolving tactics is not realistic and will always fail. A better solution is to ensure that the entire security stack is using the latest threat intel so that it can proactively detect malicious traffic and block phishing attacks.
Adding an extra layer of security with biometric or 2-step authentication offers better security, according to 65 percent of IT professionals recently surveyed on the topic. Even where biometric authentication is not always feasible, Multi Factor Authentication can block a significant number of attacks.
Organizations can leverage the benefits of a DNS-first approach for a wide variety of detection and protection purposes, both on and off-premises. Because it sits at the core of the network and touches every device that connects to it, DNS is a powerful tool that can be used to catch the more than 90% of malware that uses it to enter or exit a network. DNS layer security stops attacks such as ransomware, phishing, exploits early in the kill chain and close to the compromised endpoint, while blocking DNS-specific threats like FastFlux, DGAs and DNSMessenger, that other tools miss.
Most organizations consider DNS to be a critical part of their investigation and response capabilities for the visibility it provides over the network. DNS, DHCP and IPAM provides critical forensic information that allows security operations teams to quickly triage and prioritize response to events.
At the 2004 RSA Conference, Bill Gates predicted the death of passwords. Seventeen years later and passwords are not only still in use, but remain our primary method for accessing systems and user accounts. While options to strengthen the password like password managers and multi-factor authentication are being increasingly adopted, it remains apparent that they are insufficient. For better or for worse, passwords are here to stay, and so a fundamentally new approach is necessary to protect the network and individual users from data breaches and cyber attackers, one that gives security teams the ability to identify and block attacks before they happen.