Companies are facing security challenges due to users' lax approach to cybersecurity. Suggestions are needed for mitigating the risks.
In the digital age, corporations are increasingly concerned about the security of their technology stacks, with many questioning whether they are potential targets for cyber-attacks. This concern is not unfounded, as a successful social engineering campaign, such as the July 2020 Twitter hack, can lead to malicious lateral movement within a system.
A recent Bitdefender survey, which included data from over 10,100 global participants between the ages of 18 and 65, sheds light on some concerning cybersecurity habits. The survey found that six in ten users experienced at least one cyberthreat in the last year.
One area of particular concern is password management. Only one-quarter of respondents use a password manager, while one-third rely on the autofill option on their devices. This lack of secure password practices leaves many users vulnerable to credential stuffing, which often occurs when compromised passwords, typically exposed in another breach, are reused.
Interestingly, password managers are more likely to be used on work devices than on personal ones. However, this doesn't necessarily mean that personal devices are safer. In fact, despite the shift to remote work, the personal security habits of employees have not significantly changed since pre-pandemic times.
Companies cannot dictate users' security behaviours online, but they can influence them through basic training. They should also actively search for "blind spots" in their infrastructure and enforce the use of Multi-Factor Authentication (MFA) for corporate data access, even from personal devices.
In a corporate setting, it is assumed that "you can't trust anyone" due to the sheer volume and diversity of users. This assumption is reflected in the survey results, with more than half of users (52%) managing their passwords through memorization. This practice, combined with the lack of password managers and MFA, increases the risk of compromised passwords being used on the corporate network.
Despite these concerns, there is some positive news. Security organizations have changed for the better due to remote work, enforcing better monitoring and security tools. However, it's 2021, and there are still authentication forms where MFA is not mandatory, which is a significant oversight in today's digital landscape.
Thirty percent of respondents do not use antivirus software on their mobile device, whether phone or tablet. This lack of protection leaves these devices open to potential attacks. Companies should encourage their employees to protect their devices, as they are often used to access work data.
In conclusion, while the digital landscape presents many challenges, there are steps that both corporations and individuals can take to improve their cybersecurity. By understanding the risks and taking proactive measures, we can work towards a safer digital future.