Four Security Themes to Keep in Mind this Cybersecurity Awareness Month

Since 2004, the US has proclaimed October as Cybersecurity Awareness Month. This is to assist citizens in securing themselves online as dangers to technology, and sensitive data grow more prevalent. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) coordinate to increase cybersecurity awareness on a national and global scale.

Passwords and other knowledge-based authentication techniques have been supplanted by passkeys and biometrics in cybersecurity.However, organizations need to be cautious as passkeys also have issues. These include tech ecosystem lock-in, user experience (UX) concerns on platforms not incorporating FIDO2, and password recovery issues. Moreover, passkeys cannot provide the degree of identity assurance and authenticity management required by enterprises.

On the other hand, passwordless FIDO2 authentication offer a robust security. Apple revealed at its Worldwide Developer Conference this summer that it would deploy passwordless logins for all its devices. Apple, Microsoft, and Google (Alphabet Inc.) have each committed to passwordlessprograms.

Passwords have become outdated and are causing major data breaches each year. LastPass, one of the prominent password managers with over 25 million users, acknowledged in August 2022 that it had been hacked. Since experts have determined that the typical individual has more than 100 passwords, the LastPass breach compromised more than 2.5 billion credentials.

According to the company’s chief executive officer, an unauthorized party accessed portions of the LastPass development environment through a single stolen developer account. The bad actor stole source code and certain confidential LastPass information. 

The corporation also said there was no indication of unauthorized access to encrypted password vaults or client data. This is not LastPass’s first security incident, nor will it likely be the last, given the surge in compromised credentials and the increasing sophistication of cybercrimes.

Password managers have often been commended as one of the secure means of storing and retrieving knowledge-based login credentials.They also offer several advantages. They promote more secure passwords, allow users to use various passwords for different accounts, and often include autofill capabilities to enhance the user experience.

The possibility of a password manager holding billions of passwords being hacked is unsettling, especially given that some of the most infamous breaches were triggered by a single leaked credential. Compromised credentials are among the leading causes of security breaches. According to the 2022 Verizon data breach report, roughly half of the firms infiltrated in 2021 were accessed using stolen or compromised credentials.

Strong cybersecurity is needed to prevent unwanted access to any data. Itdefends devices and services against electronic assaults from hackers, spammers, and cybercriminals. Cybersecurity procedures and technologies protect key systems and sensitive data from an ever-increasing number of emerging threats

Cybersecurity protects all data types from theft and harm. This includes sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, and organizational information systems. Firms cannot defend themselves against data breach operations without a cybersecurity program.

Also, a zero-trust approach implements controls that establishes the authenticity and intent of every person, device, and connection that requests access to the organization. To learn more about establishing stronger cybersecurity system, check the article below from authID to learn the four security themes to keep in mind this cybersecurity awareness month.