Strengthening cyber hygiene for safer online transactions

In an ever-worsening cyber landscape, an organisation’s continuity should never be left to a roll of the dice on a weak password.

With upwards of 30 billion devices connected online today and ransomware attacks set to occur every two seconds by 2031, data has never been at greater risk of exploitation. Passwords are the first line of defence for accessing data. However, many passwords are currently inadequate and are increasingly exposed to modern cyberattack techniques.

According to the Cyber Security Agency of Singapore (CSA), using “password” as a password takes under a second to hack, but it remains one of Singapore’s 100 most popular passwords. CSA also noted that there is a prevalence of the same passwords being used across multiple accounts. These findings are alarming given that cyberattacks are now firmly a matter of ‘when’ not ‘if’ and malicious actors can access the processing technology they need for as little as US$1,500.

World Password Day is a timely reminder that passwords are a constant not fixed state, which must be strengthened with additional capabilities and best practices to ensure access to precious data is not provided to malicious actors. The following capabilities are vital for organisations looking to strengthen their data security and data access:

• Multi-factor Authentication (MFA) strengthens platform security by requiring users to verify their identity using more than just a username and password. MFA ensures that users authenticate login requests and their passwords by using a unique response that only they can provide like a mobile phone challenge or TOTP.

• Role-based Access Control (RBAC) assigns specific privileges based on user roles, reducing data breach and insider threat risks. This minimises risk and prevents employees from overreaching into areas beyond their responsibilities and minimises risk in the event a password is compromised.

• Quorum is an authorisation method that requires approval from at least two individuals, preventing single-user or compromised credential exploitation. This capability means no single compromised account can make unilateral changes or impact business critical operations.

If malicious actors successfully take over an employee’s account through a compromised password, AI-powered anomaly detection is vital for alerting IT teams to unplanned or abnormal changes in data size or format, as this is often indicative of malicious activity. By detecting anomalies early, organisations can respond by either mitigating potential threats before they escalate or recovering quickly if an attack is already underway.

Sathish Murthy is the systems engineering lead for Asean and India at Cohesity

See Also:

• Click here to stay updated with the Latest Business & Investment News in Singapore

• The decluttered era of cybersecurity: A journey to consolidation

• Digital battlegrounds: How Singapore’s FSIs can balance innovation and security

• MAS to strengthen financial services' cyber resilience with Mastercard MOU

• Read more stories about where the money flows, and analysis of the biggest market stories from Singapore and around the World

• Get in-depth insights from our expert contributors, and dive into financial and economic trends

• Follow the market issue situation with our daily updates

• Or want more Lifestyle and Passion stories? Click here