De-Risking Security Investments and Tackling the Password Problem

Steven Hope, CEO, Authlogics

Steven Hope, CEO, Authlogics

Everyone involved in the security and wider IT function of an organisation is aware of the threat of cybercrime, the requirement of regulatory compliance in respect of personal data, and the risk of potentially devastating losses that can result from inadequate protection. However, the problem is translating this into a compelling business case for new and improved systems. How do you demonstrate a return on investment?

The vendor community has done little to make this process easier, offering up impressive statistics regarding the ability of their solution to detect threats, but failing to back this up with any tangible measurement of its impact. The good news is that this is changing and Authlogics is proud to be at the forefront of this drive to de-risk security investments.

Authlogics is a multi-award-winning UK-based company that provides enterprise password security and multi-factor authentication (MFA) technologies to organisations large and small in the public and private sectors all around the world. Its Password Breach Database contained over 4.5 billion breached credentials, making it the world’s largest vendor-owned breach database, and the most definitive resource available regarding the password breach status of any live or dormant account.

Two billion records containing passwords were compromised in 2021

The immense scale and urgency of the breached account problem are illustrated by the statistic that in the region of 95 million Active Directory accounts are attacked daily. If this isn’t shocking enough two recent reports further stress the need for immediate action. ForgeRock in its ‘2022 ForgeRock Consumer Identity Breach Report’ suggests that two billion data records containing usernames and passwords were compromised in 2021,  representing a 35% increase from the previous year.

Each of these breaches ‘could’ represent a vulnerability that a determined cybercriminal may look to exploit. Of course, it is the case that not all breached accounts have the potential to expose an organisation to a successful attack, however, should a ‘way in’ be found the implications are staggering. In July 2022, IBM released its ‘Cost of a Data Breach Report’, which states that data breach costs have risen from $3.86 million to $4.24 million on average. Loss of business in the region of $1.59 million was responsible for the largest share of the costs. In addition, compromised email was responsible for 4% of breaches, yet it had the highest average total cost ($5.01 million) of the 10 attack vectors in the study.

What is particularly troubling is the 287 days on average taken to detect a breach. This means that in many cases it is likely to be close to one year, if ever.

Password-related breaches are an attack vector that needs to be addressed from both cybersecurity and regulatory compliance perspective and password policies, regardless of how robust they are, simply do not suffice.

Yet, as compelling as these statistics are, they do not answer the question of how to get an investment in a solution to remediate and prevent further breaches, greenlit.

The Next Generation of Password Security Management

"Authlogics is the next evolution of password security management. It is the stepping stone toward passwordless authentication. It offers features such as half one-and-a-half factor authentication and two-factor authentication as well. The deployment is straightforward, and the support is very helpful."

Authlogics Password Security Management (PSM) is an end-to-end auditing, real-time protection, remediation, and reporting solution, designed to comply with best practices with a key focus on adhering to NIST SP 800-63B compliance for password security and user authentication. It provides protection against breached and shared passwords and mitigates common identity-based attacks such as phishing and keylogging, whilst removing the burden of password resetting from users and helpdesks.

  • Authlogics is the next evolution of password security management. It is the stepping stone toward passwordless authentication

 The solution itself does not require a major investment, with scalable pricing making it affordable for small businesses, large enterprises, and both private and public sectors (it is available via the Crown Commercial Services G-Cloud framework). However, it de-risks decisions by providing a 100% money-back guarantee to demonstrably reduce password breach risk and lower IT support costs.

It does this by providing a dashboard that displays graphs, alerts, and reports regarding the historic and current passwords breach status of each user in the organisation (up to every four hours). Within days of installation, an organisation will be able to see its exposure to data breaches from compromised passwords falling. As this number drops the threat surface of the organisation contracts, reducing exposure to attack regulatory risk and lowering helpdesk costs.

Not only does this approach to de-risking security investments speed up the decision-making process and time to deployment, in the case of Authlogics it also provides a solid foundation upon which the organisation can progress at its desired pace toward a passwordless multi-factor authentication system.

“We reviewed several MFA products. Authlogics was one of the few to offer a proof of concept which let us try it before we buy it. The amazing part was while other companies were quoting a minimum of 40-80 hours of professional services, we had this up in running in less than 90 minutes.

The first step toward making a strong business case is to ascertain the scale of the problem. The Authlogics Password Breach Database can be used free of charge, to determine how many company passwords have been breached and the number of accounts that are using the same passwords.  Furthermore, the Password Security Management and Multi-Factor Authentication solutions are available on a 30-day free trial.

For more information visit: www.authlogics.com