‘Password fatigue’ is leaving online businesses open to cyberattack.

As cloud technology enables companies to increasingly adopt multiple internal and external systems, – each requiring a login – people are at risk of becoming complacent over security.

“We are in a hybrid model: many people are working from home, many people are working from the office – and this is exactly why IT security is important,” Harish Sekar, senior technical evangelist at ManageEngine, explains to BusinessCloud.

“Security is easy to understand, but very difficult to put into practice. People at the helm – CISOs and CTOs – find this a huge battle.”

ManageEngine is an enterprise IT management software company owned by the Zoho Corporation in India which operates a UK base and has many clients on these shores.

Explaining ‘password fatigue’, Sekar says: “There’s a smooth user experience; and then there is security within the organisation. When you give in to one, the other drops. 

“So initially, the practice was to use separate usernames and passwords – but people were forgetting the passwords so it all began to revolve around weak, reused passwords.

“We want to raise awareness with people that this is the gateway for an attack, so you need to beef up your security. That’s what ‘zero trust’ means: don’t believe anyone – if in doubt, ask them to validate again.”

The next big cyber threat is Russia – & blockchain

He adds: “We help companies understand their line of business; get reports; understand who has access to what level; whether users are being onboarded or reactivated correctly; and whether the access is being given promptly.

“Then, we ask, how efficient is the access, without destroying the user experience by bogging them down with password resets? Not asking them to do more than required – but at the same time not letting them use weak passwords.

“‘Zero trust’ is not a single click button. It does not happen overnight. It takes time. And with time you get to understand your line of business better – and our solutions get better with it.”

HOST pilots NCSC’s CyberFirst Schools in North West