How Big is Your Password Exposure?
Nowadays, passwords are used in all organizations. They are the end points through which people access the
right information and tools they need to do their job. As such, they present the largest ‘surface of
attack’ for hackers.
Some companies rely on centralized solutions like Active Directory. But as with cloud
password managers, centralizing all password access points increases the risk at a single ‘point of
With 3 billion passwords for sale online, weak and ‘breachable’ passwords represent a
serious risk companies can no longer afford to take.
Cover Your Biggest Surface of Attack
In just a few years, companies’ surface of attack has expanded from business systems and infrastructures
to the entire workforce – from junior employers to chief executives or anyone in the company who is
online. In the meantime, people have not changed how they use passwords:
- Over 50% rely on just memory
- 32% save them in a web browser
- 26% save them on a spreadsheet, and;
- 26% write them down.
With the number of passwords reaching the hundreds, it is unsurprising to know that hackers have moved
their main point of attack to passwords. Now, 81% of data breaches start with weak, stolen or reused
The statistics speak for themselves. A government report revealed that nearly 45% of UK businesses have
experienced a cyberattack in the last 12 months, with all sectors and companies of all sizes being
targeted. No one is safe.
Before it is too late
Through a ripple effect, entire communities and supply chains are at risk when there is a data breach.
Stolen personal data on employees, customers and suppliers exposes not just them but also their networks.
Contrary to the brick and mortar age, a breach in the digital age has far reaching consequences. Take, for
example, the data breach at Equifax which immediately affected 143 million people around the world.
Unfortunately, most businesses don’t even realize that they have had a cybersecurity breach – with 93% not
discovering data breaches for several weeks. And, in a span of just a few weeks, a huge amount of damage
can be done to a business. Hackers can install malware on employees’ workstations in order to extract
highly sensitive information from a company’s network before they even realize that their security has
been compromised. High profile examples include Nortel which eventually collapsed in 2009, and Citrix who
had gotten hacked six months prior to being officially alerted by the FBI.
And the risk of password breaches continues to mount. After 2018 being the worst year in cyber security
breaches, 2019 started with the largest username and password leaks ever documented in history with the
publication of “Collection #1” then “Collections #2-5”. And, more credentials get added on a daily basis
on hacking sites, making the success rate of credential stuffing hackers soar higher by the day.