What are they thinking? According to a recent study by global security firm NordPass, “123456” is the most common password amongst CEOs.
That’s the equivalent of leaving a key under the front door mat with a sign reading: “I’ve left the key under the mat.”
What these business leaders seem to overlook is that cyber attacks by increasingly sophisticated hackers not only freeze or steal sensitive corporate data but can force victim companies to pay hundreds of thousands if not millions of dollars.
“Everyone from gamer teenagers to company owners are targets of cybercrimes,” says Jonas Karklys, CEO of NordPass. “The only difference is that business entities, as a rule, pay a higher price for their unawareness.”
NordPass is a product of Nord Security, a global cybersecurity company with offices across Europe, the United Kingdom and the United States, offering services across a number of software platforms for both business and consumer clients. It recently conducted a survey of Fortune 500 businesses to determine current weaknesses in corporate cyber security.The report concluded that “password hygiene” is a major cause of cyber attacks and ransomware demands on businesses.
Within the construction sector, NordPass found there were nearly three million total breaches. The basic “123456” was found to be used by C-level executives, managers and business owners about 1.1 million times. In second place was the word “password.” Other commonly used passwords were the company name itself or minor variations of the name.
It’s a matter of conjecture as to why CEOs are so casual about passwords. Whatever the reason, whether it is password fatigue or a misunderstanding of the consequences, easily hacked passwords often open the door to corporate data theft.
Karklys suggests three steps companies should take to reduce the risk of cyber attack.
First is to employ a “password manager” that stores all passwords in an encrypted digital storage locker, such as that offered by services companies like NordPass.
Second, staff should be thoroughly trained and retrained on cyber security measures, beginning at the most basic levels for those not technically savvy.
Third, multi-factor authentications (MFAs) using two or more authorization mechanisms to ensure identity should be enabled.
“These can be separate apps, security keys, devices or biometric data,” says Karklys.
Failure to take suitable cyber security measures can be costly, even for those not among the Fortune 500.
An annual survey of 5,600 IT professionals in mid-sized companies across 31 countries commissioned by cybersecurity solutions company Sophus revealed the average cost to recover from ransomware attacks in 2021 was $1.4 million, a five-time increase from 2020. It took corporate targets one month on average to recover from the resultant damage and disruption.
“Ninety per cent of organizations said the attack had impacted their ability to operate, and 86 per cent of private sector victims said they had lost business and/or revenue because of the attack,” according to Sophus.
The report also notes the continual growth of corporate data attacks and increased demands for ransom from hackers has made cyber insurance more expensive and reduced policy availability, according to feedback from 94 per cent of survey respondents.
Based on data contributed by 15 leading global insurers, cyber services firm NetDiligence says in its 2021 Cyber Claims Study that annual premiums for protection against cyber incidents can range from about $150,000 for small and medium-sized businesses to over $10 million for large corporations.
Overall, rates have jumped by about 89 per cent, confirms insurance analytics firm Risk Strategies in their 2022 State of the Market Report. Costs are significantly higher for ransomware mitigation.
“There’s no polite way to say this,” says the NetDiligence report. “The threat of a ransomware cyber attack is not only real, it’s here and causing damage by the second, with no end in sight. At this stage of the lawless pay-or-else game, no organization is safe from the devastating financial impacts, regulatory issues, and brand damage of this malware-driven virus.”
John Bleasby is a Coldwater, Ont.-based freelance writer. Send comments and Inside Innovation column ideas to firstname.lastname@example.org