World Password Day: Interview with Thomas Malchar on IT Security 2019
Mr Malchar, at the beginning of the year, another data theft shook us once again, albeit on a gigantic scale: 773 million e-mail addresses and 21 million passwords were hacked under the title Collection#1. How do you assess the causes of this current threat?
One thing is certain: The number and complexity of cybercrime and hacker attacks have increased significantly in recent years. The dangers are as varied as they are numerous and range from potential security gaps through cloud computing and the mobile workforce concept up to social engineering and the classic form of weak passwords.
Companies as well as private individuals still offer too many weak points, which often make it almost frighteningly easy for attackers to gain access to sensitive data. Especially with Collection#1, so many passwords could be uncovered in plain text, because many users still use the same combinations of e-mail addresses and passwords for several services.
According to the BSI, the threat situation for digital data has reached a new high.¹ What role does user behaviour play in this?
The security requirements for the user have risen significantly: The number of websites, apps and thus accesses and accounts per user continues to rise. Managing these securely is almost a mammoth task for the individual.
As the requirements for a strong password increase, users remember only one to three passwords and use them for multiple applications. Or they use Excel lists, Post-its and Co. instead of a password manager. This can have different reasons like ignorance, but unfortunately also laziness or a lack of alternatives. By the way: The most popular password in 2018 was "123456".
What mistakes do companies make when dealing with IT security?
In the digital age, companies want to make data access as easy as possible for their employees and business partners. To do this, companies often prefer to accept security gaps rather than deal with complex software or employee complaints. The mistake is often made of combining different services instead of a holistic security concept, thereby unnecessarily complicating the security situation.
Furthermore, employees are not sufficiently trained in the new system landscape or even integrated. The result of this behavior can be measured in figures: The estimated costs incurred by companies in 2018 as a result of cybercrime incidents have increased from 20 to over 27 million US dollars in the US alone, compared to the previous year.²
What would you advise companies to do?
Speaking of the Human Security Gap: To what extent do employees pose a risk to companies?
Let's talk about the future of passwords on World Password Day. How will classic password management develop?
Last but not least: How does Password Safe adapt to the growing security threats?
Thanks to our in-depth technical expertise, Password Safe has the necessary functionalities to offer a dynamic security solution that meets the needs of companies of various sizes. Because what makes our software special is the variety of functionalities. Password Safe can be tailored to any company in four available editions – in all industries, from start-ups to large corporations.
Sources:
1 Cf. Federal Office for Information Security, Management Report 2018
2 Cf. Statista, Survey 2018