By Chern-Yue Boey
With as many as 4,000 password attacks occurring per second globally, the vulnerability of user passwords has become more pronounced with a tenfold increase in attacks in the past year alone.
Despite years of industry discourse on the perils of weak passwords, organisations continue to underestimate the risks associated with relying solely on passwords to safeguard valuable information – with login and access passwords serving as the Achilles heel exploited by hackers to breach corporate networks.
Passwordless solutions have emerged as a promising alternative, incorporating technologies such as biometrics, authenticator apps and tokens. However, it remains crucial for organisations to recognise that these alone do not ensure security.
Malicious actors often also exploit weaknesses in business systems lacking least privileged access controls – especially in today’s dynamic threat landscape, where compromised identities often serve as the primary trigger for the majority of data breaches.
The consequences of this oversight are costly, making businesses susceptible to a barrage of attacks once cyberattackers get one foot in the door. In fact, IDC’s recent report found that a staggering 59% of enterprises in APJ have fallen victim to ransomware attacks, with 32% ultimately paying the ransom.
Furthermore, the advent of AI has exacerbated the risk for businesses, empowering even novice cybercriminals with accessible means to launch even more complex and sophisticated threats.
Instead of viewing passwordless authentication as a standalone solution, organisations should seamlessly integrate it with a robust identity security framework. Given that organisations are set to manage up to 10% more identities over the next 3 years, it is critical for organisations to have the capability to manage access levels across all identities within the entire IT ecosystem.
A unified, integrated identity security approach gives organisations full visibility into their identity landscape, enabling them to swiftly detect and prevent unauthorised attempts to access privileged information or systems, and detect any irregular activities early as a reliable fail-safe.
Chern-Yue Boey is senior vice president, Asia-Pacific, SailPoint
