World Password Day: Stronger authentication needed as AI-assisted cyberattacks continue
May 2024 by IEEE
Following the UK cracking down on the use of default passwords this week,during the 11th annual World Password Day, where organisations and individuals are reminded of the importance of using strong passwords and practicing good password hygiene. This is particularly important as artificial intelligence (AI) or generative-AI (GenAI) assisted cyberattacks are on the rise. In fact, a recent survey found that 93 percent of business leaders across the UK and US expect to face daily AI-driven attacks by the end of the year.
Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster University, shares the best practices for keeping personal data safe:
“Generative AI (GenAI) is being used by threat actors to create highly personalised and convincing messages, making it even harder for victims to identify fraudulent activities. It can now automate complex attack techniques, producing realistic content and even manipulate images and videos, generating human-like voices, which can exploit vulnerabilities in voice verification systems. These advancements necessitate additional security measures, especially for organisations that heavily rely on voice verification.
“Businesses need to stay ahead of these emerging threats. Fostering a culture of scepticism, encouraging employees to scrutinise multimedia content critically, and providing training on how to identify potential deepfake manipulation is crucial to mitigating these risks within a business.
“The evolution of cyber threats requires even stronger cyber hygiene practices – regularly updating software and applications to patch vulnerabilities hackers might exploit is a start. But it is crucial to implement multi-factor authentication for important tasks like financial transactions or access to sensitive data. Enforcing complex, unique passwords and adding multi-factor authentication will be key.”
Steven Furnell, IEEE senior member and professor of cybersecurity at the University of Nottingham:
“Staff are often the cause for cybersecurity issues, simply because they do not know any better and often make poor choices. With passwords, as with other aspects of cyber hygiene, users need to learn the basic principles, security leaders cannot assume that they already know them. The latest UK Cyber Security Breaches Survey paints a worrying picture about some aspects of cyber security and our direction of travel.
“Training, more specifically, the quality of training that staff will be provided, is just ‘assumed’. The proportion of people who have actually received thorough training in the ‘whys’ and ‘wherefores’ of choosing and managing passwords effectively is likely to be rather small. The progressive decline in cyber hygiene highlighted in the report suggests that security is seen as something that can be sacrificed in tough times. Given the general lack of regular awareness, we need to move the dial somehow.”