For decades, organizations have used passwords as a way to authenticate users before they access services hosted on the company network. Today, though, companies rely much less on the internal network and much more on services hosted on the internet, such as applications like Office 365, Gsuite, Zoom, Salesforce and more.
These services are hosted in the cloud, enabling employees to access them from anywhere, on any device, as long as they have the right credentials. While this way of working is excellent for productivity and collaboration, it presents a host of security issues since we know that most employees have poor “password hygiene” practices.
In recent years, cyber attackers have used stolen, phished, or easy-to-guess passwords to break into these services and exploit organizations, launch ransomware attacks, or steal sensitive information. As ransom payments have ballooned, so too have the frequency of these attacks. Hackers have figured out that small and medium businesses are easier to penetrate and less likely to have protections in place to allow them to recover without paying a ransom, making them ideal targets for these kinds of attacks.