Today (Thursday 6 May) is World Password Day, and security experts are urging businesses and individuals to ensure they have basic protections – such as strong passwords and high levels of cybersecurity awareness – in place to protect them against a rising tide of cyberattacks.
Duane Nicol, cybersecurity expert at Mimecast, says cybercriminals are capitalising on poor password hygiene and a lack of cybersecurity awareness among end users to bypass an organisation’s defences – with potentially ruinous consequences.
“Our recently released State of Email Security 2021 report found increases in all attack types over the past year, as the pandemic and switch to remote work created new vulnerabilities that cybercriminals are working hard to exploit. In response, organisations should build greater cyber resilience by implementing updated security controls and prioritising regular cybersecurity awareness training to protect employees – and the business – from attack.”
The research shows that 74% of South African respondents believe that their employees’ poor password hygiene is putting their company at risk. In addition, 52% of South African organisations expect security-naïve employees to be their biggest email security challenge in 2021, compared to a global average of 43%. Studies have also suggested that human error plays a role in up to 90% of all successful breaches.
“Our research has found that users who are exposed to regular cybersecurity awareness training were more than five times less likely to click on dangerous links originating from phishing emails,” says Nicol. “Despite this, ongoing cybersecurity awareness training is only provided at one out of three South African organisations, and nearly half (46%) train employees once a quarter or less frequently.”
He says that good password hygiene and high levels of awareness of different cyberattack types are proven methods for reducing the risk of an attack and protecting organisations and their employees.
“Effective training is engaging, interesting and frequent, and amongst other things encourages users to regularly update their passwords and teaches them how to identify phishing emails that could be tricking them into handing over sensitive information. Users should always use passphrases, as these are far harder to crack, make use of IT-approved password managers and ensure they aren’t using the same password across multiple platforms.
“Having unique passwords across personal and company platforms will ensure that if a person’s social media profile is phished for example, they aren’t at risk of having a corporate account compromised. Effective cybersecurity awareness training should therefore be the bedrock of any modern organisation’s cybersecurity efforts.”
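As an added illustration of the two points Nicol makes above (passphrases being harder to crack, and the risk of reusing one password across platforms), the following Python is example code written for this article, not part of the article or of Mimecast's research. It estimates the guessing effort for a short random password versus a multi-word passphrase, and flags passwords shared between accounts. The word list and the guess rate of 10 billion guesses per second are constructed assumptions, not figures from the report.

```python
import math
import secrets
from collections import defaultdict

# Constructed stand-in for a real word list; a diceware-style list has 7776 words (assumption).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "anchor", "velvet", "orbit", "cactus"]
DICEWARE_SIZE = 7776

# Assumed offline guessing rate for an attacker with modern GPU hardware (constructed figure).
GUESSES_PER_SECOND = 1e10


def password_entropy_bits(length, charset_size):
    """Entropy of a uniformly random password of `length` symbols drawn from `charset_size` symbols."""
    return length * math.log2(charset_size)


def passphrase_entropy_bits(word_count, dictionary_size=DICEWARE_SIZE):
    """Entropy of a passphrase of `word_count` words chosen uniformly from a list of `dictionary_size` words."""
    return word_count * math.log2(dictionary_size)


def years_to_exhaust(entropy_bits, guesses_per_second=GUESSES_PER_SECOND):
    """Years needed to try every possibility at the given guess rate (worst case for the attacker)."""
    seconds = (2 ** entropy_bits) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def compare(password_length=8, charset_size=26, word_count=6):
    """Return the entropy and exhaustive-search time for a password and a passphrase side by side."""
    pw_bits = password_entropy_bits(password_length, charset_size)
    pp_bits = passphrase_entropy_bits(word_count)
    return {
        "password_bits": pw_bits,
        "password_years": years_to_exhaust(pw_bits),
        "passphrase_bits": pp_bits,
        "passphrase_years": years_to_exhaust(pp_bits),
    }


def generate_passphrase(word_count, words=SAMPLE_WORDS):
    """Pick words with the `secrets` module, which uses the OS CSPRNG rather than `random`."""
    return " ".join(secrets.choice(words) for _ in range(word_count))


def find_reused_passwords(accounts):
    """Given {account_name: password}, return {password: [accounts]} for every password used more than once."""
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    return {pw: sorted(names) for pw, names in by_password.items() if len(names) > 1}


if __name__ == "__main__":
    result = compare()
    print(f"8-char lowercase password: {result['password_bits']:.1f} bits, "
          f"exhausted in {result['password_years'] * 365 * 24 * 3600:.0f} seconds")
    print(f"6-word passphrase: {result['passphrase_bits']:.1f} bits, "
          f"exhausted in {result['passphrase_years']:.0f} years")
    print("Generated passphrase:", generate_passphrase(6))
    # Constructed sample vault showing one password shared between a social and a corporate login.
    sample_vault = {"social-media": "Summer2021!", "corporate-vpn": "Summer2021!", "bank": "k7#pQ9zL"}
    print("Reused passwords:", find_reused_passwords(sample_vault))
```

The entropy figures assume the password or passphrase was chosen uniformly at random; a human-chosen phrase such as a song lyric is far weaker than the word-count formula suggests, which is why a password manager generating both is the recommended route.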