Passwords are a common security feature in today’s business world. They establish a barrier designed to keep sensitive information safe, are used on everything from email to cloud storage to enterprise resource planning systems, and, in some cases, are the only line of defense protecting a company from a costly data breach.
Considering the business world’s heavy reliance on passwords as a form of cybersecurity, a recent report from cybersecurity expert Kaspersky should come as a troubling wake-up call. The report, which was released in June 2024, reveals that nearly half of all passwords can be cracked by cybercriminals in under a minute. The study that led to the report, which involved the testing of 193 million passwords, determined that cybercriminals could guess 45 percent in 60 seconds or less.
Kaspersky determined that 57 percent of the passwords explored in its study were inherently weak because they used a word from the dictionary. It cited “forever,” “love,” “Google,” and “gamer” as examples of popular words used in passwords, all of which are easy targets for attacks. Only 19 percent of the passwords involved what Kaspersky called a “strong combination” of characters, which includes a non-dictionary word, lowercase and uppercase letters, and numbers and symbols.
“Hollywood has given us the idea that today’s cybercriminals gain access to our organizations by carrying out complex and complicated attacks,” says Marcelo Barros, Global Markets Leader of Hacker Rangers. “In reality, cybercriminals act a lot like common thieves, seeking out the windows that don’t have effective security locks. As the Kaspersky study shows, the majority of the passwords being used today don’t provide a high level of security. Cybercriminals know that, which is why better security is essential.”
Barros is an IT veteran who has played an instrumental role in delivering cutting-edge cybersecurity solutions and services to clients around the world. Hacker Rangers is a leading gamification company that makes cyber awareness fun and engaging for organizations worldwide. Its online computer security training platform enhances cybersecurity and awareness by keeping entire organizations updated on the latest cybersecurity threats and the most effective ways to neutralize them.
Increasing the effectiveness of cybersecurity measures
Attacks that seek to gain unauthorized access to computer systems by guessing passwords are commonly known as brute force attacks. They utilize computer programs to submit possible passwords to a system’s login page until the correct one is found.
Brute force attacks are a favorite of cybercriminals because many people use easily guessed passwords, as the recent Kaspersky report reveals. Another recent study showed that brute force attacks rose 74 percent from 2021 to 2022, and the number of attacks per year has continued to rise in 2023 and 2024.
Because the majority of passwords used in corporate settings are employee-generated, cybersecurity training is the only reliable way to address password vulnerabilities.
“As cybersecurity platforms have become more effective, cyber attackers have shifted their strategy,” Barros warns. “Rather than challenging defense applications to identify weaknesses, they are now increasingly focused on exploiting human behavior, such as the bad decision to choose a weak password.”
The pillars of impactful password training
The best cybersecurity training helps employees understand the nature of the threat and how to play a role in thwarting it. Training targeting brute force attacks should educate employees on their goals, how they are deployed, and the consequences of a successful attack.
Brute force training should also cover strong password creation and password management. The Kaspersky report recommends that employees choose passphrases rather than passwords. Utilizing phrases that combine common, unrelated words in unusual order with numbers, uppercase letters, and symbols — “aNyt!mE CuRl3r,” “deV10uS sPhiNx,” and “m0OnL1t oTt3R,” for example — increases the time a brute force attack needs to succeed. Kaspersky also encourages the use of unique passwords or passphrases for each service.
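The criteria described above (no dictionary word, plus lowercase, uppercase, digits and symbols) can be turned into a policy check that training platforms or onboarding tools run before a password is accepted. The following is an added example, not code from the article, Kaspersky or Hacker Rangers; the word list is a tiny constructed stand-in for a real dictionary, and the guess rate used for the time estimate is a hypothetical figure chosen only to make the comparison concrete.

```python
from dataclasses import dataclass
from typing import Optional, Set

# Constructed word list for the demo (a real check would load a full dictionary).
# The first four entries are the popular password words the Kaspersky report cites.
COMMON_WORDS = {"forever", "love", "google", "gamer", "password"}

# Hypothetical offline guess rate used only for the time estimate below.
GUESSES_PER_SECOND = 1e10

# Alphabet size contributed by each character class (printable ASCII symbols: 33).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


@dataclass
class Assessment:
    dictionary_word: Optional[str]   # common word found inside the password, if any
    classes: Set[str]                # character classes actually used
    strong_combination: bool         # meets the "strong combination" criteria
    seconds_to_exhaust: float        # time to try the whole search space at the assumed rate


def contains_dictionary_word(pw: str) -> Optional[str]:
    """Return the longest common word embedded in the password (case-insensitive), else None."""
    lowered = pw.lower()
    for word in sorted(COMMON_WORDS, key=len, reverse=True):
        if word in lowered:
            return word
    return None


def character_classes(pw: str) -> Set[str]:
    """Classify every character as lower, upper, digit or symbol (space counts as a symbol)."""
    classes: Set[str] = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def assess(pw: str) -> Assessment:
    """Apply the report's criteria and estimate exhaustive-search time for the used alphabet."""
    word = contains_dictionary_word(pw)
    classes = character_classes(pw)
    strong = word is None and classes == set(CLASS_SIZES)
    alphabet = sum(CLASS_SIZES[c] for c in classes)
    seconds = alphabet ** len(pw) / GUESSES_PER_SECOND
    return Assessment(word, classes, strong, seconds)
```

Run against "forever" the estimate comes out under a second, while the article's "aNyt!mE CuRl3r" passes every criterion and yields a search space far beyond practical exhaustion at the same rate.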
It is also important that training on brute force attacks be provided for all members of an organization.
“Every stakeholder in an organization should receive training on passwords,” Barros encourages. “Brute force attacks focus on exploiting an organization’s employees rather than its security framework so that they can be leveled against any employee — from the CEO to the newest entry-level hire. Excluding anyone from training creates a dangerous vulnerability.”
Training should also make sure that employees can identify the signs that a brute force attack may be occurring. If employees receive notifications reporting multiple failed login attempts, for example, they should alert their company’s security team.
“An organization’s best defense will be employees who understand cybersecurity threats and know how to repel them,” Barros says. “Organizations that fail to empower employees through effective cybersecurity training create a vulnerability that cybercriminals will be quick to exploit.”