The disappearing perimeter and the rise of identity management
The mass-scale shift to remote work has forced organisations’ IT security teams to rapidly adjust their security strategies to accommodate the new working arrangements. Traditional security perimeters once safeguarded employees who worked from the office; however, this is no longer a valid option for the future of work.
With remote work comes a string of considerations that fall outside the security perimeter as we know it and that security leaders need to address. For one, employees are accessing the network via a number of devices that may not have been vetted by IT teams. Additionally, organisations are increasingly migrating to the cloud and adopting Software-as-a-Service (SaaS) products for business continuity, cost efficiencies and digital transformation initiatives, which makes it extremely difficult to manage security at the edge (where all transactions happen) and monitor all activity.
Thanks to the integration of SaaS products and the move to cloud environments, perimeter-based security is no longer effective. A traditional security architecture that consists of, for example, a VPN and firewall is not going to work in the new working environment. Employees need to be more vigilant than ever about how they handle their credentials as they increasingly work outside the traditional security perimeter. Poor password habits are a huge catalyst for security threats to a business.
According to Verizon’s Data Breach Investigations Report, weak, reused and shared passwords are the root cause of 80% of all data breaches. This number will likely rise if organisations fail to maintain or uplift their security hygiene amid changes to the work environment. That is why, to protect users of modern technology, IT teams’ focus needs to shift to risk mitigation by managing identity.
Concerning password behaviours on the rise
As work and life truly blend into one with the increase in working from home, Bring Your Own Device (BYOD) and Bring Your Own App (BYOA) are inevitable. Many workplaces don’t have a choice, as company-issued laptops or phone systems may be difficult to distribute, whether due to budget, manpower, or resource challenges. So, more employees are using personal laptops and smartphones to do their work. But the dark side of this new norm is that an existing problem, shadow IT (the devices and applications introduced into a workplace that are not managed by the IT department), is now exponentially worse.
This means the need for safer credentials has accelerated as employees are reusing passwords across work and personal emails, social media platforms, and corporate and personal apps like Netflix or Spotify. According to LastPass’ Psychology of Password report, 90% of Australians know password reuse is insecure, yet two-thirds do it anyway.
Other key findings include:
Global cyber threats continue to skyrocket but password behaviours unchanged
54% of Australians reported not changing passwords in the past 12 months despite a breach in the news, compared to 53% globally.
Security-conscious thinking doesn’t translate to action
The data showed several contradictions, with respondents saying one thing and, in turn, doing another. Australians feel more informed on password best practices (80% compared to 77% globally), yet 51% still try to memorise passwords, leading to 29% resetting their passwords once or more a month because they forgot them. Overall, 80% of respondents are concerned with having their passwords compromised, and yet 48% never change their password if not required.
Fear of forgetfulness = number one reason for password reuse
Most respondents (66%) use the same password for multiple accounts, which surprisingly has gone up 8% from our 2018 findings. Why? The fear of forgetting login information continues to be the number one reason for password reuse (60%), followed by wanting to know and be in control of all of their passwords (52%).
Why Identity Management is the answer
With people spending more time online, the evolution of cybersecurity threats and the unchanged behaviour in creating and managing passwords create a new level of concern around online security. There are several functions of security that must work in tandem to protect organisations that no longer operate within a perimeter. Understandably, authentication practices have become a significant indicator of one’s security posture.
Identity Management solutions like LastPass Identity are an effective way of managing this cognitive dissonance and enhancing user experience while maintaining complete control over every access point. Single-Sign-On (SSO) and federations, for example, enable organisations to keep operating optimally no matter where the user is located; however, they are not a silver bullet, as many legacy applications are not covered. While Multi-factor Authentication (MFA) provides an additional layer of risk-based security that minimises the impact on users, proper password management is still required.
Ultimately, if authentication processes aren’t streamlined or user-friendly, both IT teams and employees will be deterred from practising good password hygiene. Learn what Identity Management can do for your employees and IT team to securely work from anywhere.