2021 was (sadly) the year for hackers, from the continuous rise of ransomware to new phishing scams creeping onto the scene. It has only just been revealed that a record-breaking 17 million customer accounts were stolen by hackers from 17 companies, as a critical consequence of credential stuffing attacks.
Jason Soroko, CTO of PKI at Sectigo, and long-serving cybersecurity industry veteran, tells us how businesses can make better use of technology for a stronger cyber infrastructure in 2022:
“Credential stuffing attacks like this one can easily be avoided with passwordless authentication technologies. Passwords offer weak security and are an outdated form of authentication. This shared secret method makes it too easy for a malicious party to guess, steal, or socially engineer their way into a network to access sensitive data.
Passwordless authentication is a highly secure alternative. Enterprises should implement next-generation identity management with Public Key Infrastructure (PKI)-based authentication. Digital certificates work behind the scenes via a much stronger form of secret: a cryptographic key pair consisting of a public key and a private key, to ensure that sensitive information stays private and locked away from bad actors. Enterprises today can’t continue relying on pre-pandemic cybersecurity approaches. Strong digital identity security centered around passwordless authentication is key.”