Over three billion credentials were reported stolen last year. This means that cybercriminals possess usernames and passwords for more than three billion online accounts. And that’s not just social media accounts; it’s bank accounts, retailer gift card accounts with cash and credit cards attached, airline loyalty accounts with years of accumulated frequent flyer points, and other accounts with real value.
You Can’t Secure 100% of Your Data 100% of the Time
Investing in all the traditional security in the world to prevent your website from having vulnerabilities will not help if your users’ own bad habits of reusing passwords results in cybercriminals being able to log in to your application just like those users. Corporations are spending massive resources educating their workforces on the dangers of clicking on untrusted links in emails and text messages, but it’s all but impossible to make 100% of your employees 100% perfect at detecting phishing attempts 100% of the time. This means that it’s just a matter of time and effort for a dedicated attacker to gain access to almost any corporate network. The long-term answer to cybersecurity lies in dividing what cybersecurity challenges should be the individual responsibility of companies from what should come from platforms and services that take responsibility for foundational security. This model allows technology and service providers to make not only necessary, but extraordinary R&D investments to create the best possible security capabilities and practices for all companies.