Specops 2022 Predictions: Your New Years' Resolution - Improving Password Security


Industry executives and experts share their predictions for 2022. Read them in this 14th annual series exclusive.

Your New Years' Resolution - Improving Password Security

By Darren James, Head of Internal IT and Product Specialist, Specops Software

In 2021, the big, headline-grabbing attacks focused on the supply chain and on ransomware against critical infrastructure, both of which have a wide-reaching impact. What has been overlooked in many of these breaches is that a compromised password is often to blame for the initial intrusion. This was the case when Colonial Pipeline was breached in May, causing fuel shortages across the East Coast: the root cause of that ransomware attack was a compromised password that has since been found in a list of leaked passwords on the dark web.

So in 2022, companies still need to focus on the basics, like password security, to improve protection against ransomware and other increasingly common attacks. Employee passwords are the backbone of any company's cybersecurity posture. Social engineering and AI-driven 'spray and pray' attacks are escalating, and it's easier than ever for attackers to obtain lists of leaked passwords. If there is just one step you take during 2022 to improve your password security, the following is the one.

Avoiding the Breached Passwords List

Implementing a comprehensive list of breached passwords that are blocked from use in your environment is a must. It is shocking just how common the passwords on these breached lists are. For example, research conducted by Specops Software for Star Wars Day on May 4, 2021, analyzed more than 800 million breached passwords out of a list of 2 billion to find the 20 most common Star Wars-themed passwords among them. Famous Jedi Master "yoda" took the #1 spot, showing up in breached password lists nearly 37,000 times. "starwars" itself took the number two spot, showing up over 22,000 times, with the adorable "ewok" trailing close behind at over 17,000. A blocklist only protects you if it is updated constantly with live attack data, so that it covers the passwords being used in attacks today.

Equally important is setting password policies for employees that follow best practices in line with NIST and other standards, such as choosing longer passphrases, and using multi-factor authentication tools.
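As an added illustration of the two controls just described, and not code from Specops or from this article, the following Python sketch combines a breached-password blocklist with a passphrase-length policy. The breach data, the counts, the hash-prefix bucketing and the 15-character minimum are all constructed assumptions; the only figures taken from the article are the approximate counts for "yoda", "starwars" and "ewok".

```python
import hashlib
from collections import defaultdict

# Constructed sample data, not a real breach feed: the three Star Wars passwords the
# article cites, with counts rounded to the figures it quotes, plus one extra entry.
CONSTRUCTED_BREACH_COUNTS = {"yoda": 37000, "starwars": 22000, "ewok": 17000, "Password1": 5000}

def sha1_upper(password: str) -> str:
    """Hex SHA-1 of the UTF-8 password, upper-cased, as breach feeds commonly publish it."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

class BreachIndex:
    """Server side of the check: stores only hashes, bucketed by a 5-hex-character prefix,
    so a client can fetch one bucket and finish the comparison locally (k-anonymity style)."""

    def __init__(self, plaintext_counts: dict[str, int]):
        self.buckets: dict[str, dict[str, int]] = defaultdict(dict)
        self.update(plaintext_counts)

    def update(self, plaintext_counts: dict[str, int]) -> None:
        """Merge a fresh batch of attack data; counts for a hash already present are summed."""
        for password, count in plaintext_counts.items():
            digest = sha1_upper(password)
            bucket = self.buckets[digest[:5]]
            bucket[digest[5:]] = bucket.get(digest[5:], 0) + count

    def range_query(self, prefix: str) -> dict[str, int]:
        """Return every (suffix -> count) entry whose hash starts with the given prefix."""
        if len(prefix) != 5:
            raise ValueError("prefix must be exactly 5 hex characters")
        return dict(self.buckets.get(prefix.upper(), {}))

def breach_count(index: BreachIndex, candidate: str) -> int:
    """Client side: send only the 5-char prefix, then match the remaining 35 chars locally.
    This is an exact-match check; "Yoda" hashes differently from "yoda" and is not caught."""
    digest = sha1_upper(candidate)
    return index.range_query(digest[:5]).get(digest[5:], 0)

def evaluate_password(index: BreachIndex, candidate: str, min_length: int = 15) -> tuple[bool, list[str]]:
    """Policy decision: reject anything seen in breach data, and enforce a passphrase-style
    minimum length (15 is an assumed policy value, not a figure from the article)."""
    reasons = []
    seen = breach_count(index, candidate)
    if seen:
        reasons.append(f"appears in breach data {seen} times")
    if len(candidate) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    return (not reasons, reasons)

if __name__ == "__main__":
    index = BreachIndex(CONSTRUCTED_BREACH_COUNTS)
    for pw in ["yoda", "Yoda", "correct horse battery staple"]:
        print(pw, evaluate_password(index, pw))
```

Because the match is exact on the hash, a production blocklist also needs to normalize case and common substitutions before hashing, which this sketch deliberately leaves out.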

The New Hybrid Work Requirements

With the Omicron Covid-19 variant quickly becoming the dominant strain in the US, it's safe to say no one knows exactly what's in store for 2022. The one thing that does seem certain is the continuation of remote and hybrid work models for the foreseeable future. For companies continuing in a hybrid work model, or only now making the switch, there are several steps to take in 2022 to improve overall security posture:

  • Encrypt all devices used outside of the office, so that if they fall into the wrong hands they will not expose confidential company data.
  • Implement multi-factor authentication for all network and cloud services. Many companies have identified the risk to admins and other privileged accounts but haven't yet rolled out MFA to their entire organization. 2022 is the moment to take that step. Most cloud services offer MFA today, and it's easy to configure to the requirements of your organization.
  • Verify callers to the IT service desk. A bad actor impersonating an employee can contact the IT service desk and receive help performing a password reset, which opens the door to penetrate the corporate network with malware or ransomware.

2022 is the perfect time for companies to really work on their cybersecurity posture. Despite continued uncertainty about what the world will look like or where employees may be working, password security is still critical and should remain top of mind as we step into the New Year.

Darren James 

Darren James is a Product Specialist and cyber security expert at Specops Software. He works as a lead IT engineer to help customers reduce costs, improve security and increase productivity. He holds Microsoft certifications within IT Service Management, O365, Enterprise Administrator, Server Administrator and Security. Darren has more than 25 years' experience working in technical IT roles, centering around Active Directory, IT security, cloud, larger-scale migrations, integrations and identity and success management.

Published Friday, January 07, 2022 7:34 AM by David Marshall