2017 seems on track to be another record-breaking year for data breaches. We’ve witnessed far-reaching events like the Equifax breach affecting 143 million people, and an update from Yahoo! that all 3 billion user accounts were actually stolen in their 2013 hack.
But when these breaches only seem to impact consumers, why should your business care?
Consumer Passwords Could Cause the Next Business Breach
The trouble is, employees don’t suddenly change their password security behavior in the workplace. People have too many passwords to keep track of (think double digits) and will do what is easiest. That means reusing the same passwords – or the same patterns to create passwords – at home and at work.
When these massive lists of credentials are leaked online, along with other juicy personal details, attackers will start trying those combinations on other web servers. One of their targets will inevitably be your business, because businesses offer much more lucrative targets. If an employee reuses just one password, those attackers can now find a way into your corporate systems and start to do some damage.
New A.I. Means Most Passwords are Toast
Now, it looks like Artificial Intelligence is going to ramp up hackers’ ability to crack passwords – and businesses need to prepare.
Researchers at Stevens Institute and New York Institute of Technology published a new study explaining how A.I. can outdo even the most powerful known password-guessing tools, like HashCat and John the Ripper.
Called PassGan, the A.I. tool can be fed millions of passwords and will begin to learn the patterns that people rely on to create their passwords. By simulating how humans think, PassGan can more accurately predict the passwords people are using already – or may use in the future, if they rely on the same habits and patterns to create new passwords.
The researchers of the study pointed out that, even if malicious hackers don’t yet have these tools, it’s probable they will within the next few years.
Using Better Technology to Defend Against A.I.
What many businesses are lacking, though, is direct visibility into employee password behaviors. 61% of IT executives say they rely exclusively on employee education to enforce strong passwords, and 78% say they do not have complete control over employee use of cloud apps.
To protect against these advancements in password cracking, your business’ approach to password security has to advance, too. IT needs true visibility into employee password behavior across the organization. Employees need a tool to create passwords on-demand that are truly randomized and strong passwords so they can better withstand password cracking tools.
Implementing a business password manager, coupled with multi-factor authentication and thorough employee training, can build the visibility and control IT needs over password security, in a way that is easy for employees to adopt. When the next generation of password cracking techniques become commonplace, your business will be much better prepared to withstand attacks and transform employees from a security liability to a strong asset.