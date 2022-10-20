There are two kinds of companies in the world: those that have been breached by criminals, and those that have been breached and don’t know it yet. Criminals are relentless.

Today’s cyberattacks have evolved into high-level espionage perpetrated by robust criminal organizations or nation-states. In the era of software as a service (SaaS), enterprise data is more likely to be stored on the cloud rather than on prem. Using sophisticated cloud scanning software, criminals can breach an enterprise system within seconds of coming online. And the cost of a data breach can be enormous.

As the crucial first line of defense against hackers, passwords have been used since the dawn of the Internet, and I believe they will continue to be used long after I retire.

Yet, the majority of company-related passwords fail to meet minimum security requirements — and the number of companies lacking multi-factor authentication tools or enterprise controls is staggering.

As a specialist in password cracking, I help lead IBM’s X-Force Red, an autonomous team of veteran hackers within IBM Security that helps businesses discover and identify critical vulnerabilities to cyberattacks. Our mission is to “hack anything to secure everything.”

One thing I know for sure: your enterprise system will be hacked. Password breaches are on the rise, and the vast majority of enterprise breaches can be attributed to poor password security. So, how can your business protect itself?

Strong password hygiene paired with an enterprise password manager, backed by company policies and multi-factor authentication, will reduce your risk. And in the age of cloud, zero trust security must be wrapped around every connection, every device, every user, every time.