Passwords do nothing, IT pros say

IT security experts have completely lost faith in passwords, with the majority now believing they can do little to stop modern hacking techniques.

Those are the results of a survey conducted by security firm Lieberman Software Corporation, during the RSA 2016 Conference in San Francisco, where it polled nearly 200 cyber security professionals. According to the poll, 53 per cent don’t believe passwords can stop modern hacking techniques.

“These results really tap into the mindset of the IT security industry,” said Philip Lieberman, President and CEO of Lieberman Software. “If the vast majority of respondents think passwords are failing, then it’s time to rethink how we’re using them. Attackers use automated methods to brute force credentials and gain privileged access to enterprise networks - often in a matter of minutes. Once they’re inside, they can nest there anonymously, biding their time until it’s opportune to strike. To counter this threat, organizations should take the same automated approach and apply it to their privileged credentials. Changing credentials continuously in a non-disruptive way would go a long way toward keeping the bad guys from gaining unrestricted access on the network.”

But it’s not just the password that’s failing modern-day businesses, trying to protect themselves. For 45 per cent of IT professionals, all the IT security technology deployed in their organisations can’t help them defend.

“I’m not surprised that almost half of IT security professionals aren’t prepared to defend against modern cyber attacks,” Lieberman continued. “Today’s advanced threats can defeat the conventional perimeter security tools that organizations rely upon. Once the attacker gets past the perimeter, all they need to do is compromise just one privileged credential to move from system to system on the network, extracting sensitive data along the way. This comes back to the notion that passwords are failing IT security. If organizations cannot secure the credentials hackers need to gain privileged access, the massive data breaches we keep reading about in the news are only going to increase.”