Comment on World Password Day
As today is World Password Day, we wanted to share a comment on what organisations should focus on to minimise cyber-attacks from Oliver Cronk, Chief IT Architect, EMEA at Tanium.
“With the National Cyber Security Centre recently revealing that more than 10% of the UK population is using passwords that can be easily predicted, such as pet names and significant dates, it’s clear that there is still work to be done on IT hygiene to help protect both businesses and the public.
For businesses, that means using events like World Password Day to bring awareness and context to an important part of IT hygiene. But they shouldn’t stop with just passwords. It’s a good time to also examine their access protocols too. Breaking a weak password simply provides access. What a cyber attacker can do with that access is where organizations should focus their time.
As a large number of organisations continue to grant employees remote access to data and applications, they need to ensure they have the fundamentals of IT hygiene in place to protect against the increased attack surface that cyber attackers are looking to exploit. A key part of this is making sure that administrative rights have been managed effectively. We’ve seen cases in large companies where more than 20,000 users have had the wrong level of access to company data and applications. My advice would be to adopt the principle of least privilege and only give users access to the resources that are essential for them to do their jobs. This is an important aspect of a zero trust approach which requires each access point to be verified.”