A study by NordPass revealed a troubling reality: out of the world’s 1,000 most popular websites, an overwhelming majority continue to ignore even the basic standards of password security. Only 1% of platforms implement all the recommended practices, while the rest in practice allow weak protection and expose their users to increased risk. The consequences of such an approach are well known. According to the Verizon DBIR, 80% of all breaches are primarily caused by account information theft. Weak or compromised passwords remain the most convenient way for cybercriminals to access critically important systems and personal data.
These results are particularly troubling for sectors where security must be a priority by definition: government and healthcare services. Although these services work with the most sensitive information, they lag far behind in implementing passwordless authentication and modern security standards. The reasons are complex, but several factors are systemic.
First, the change cycle is extremely prolonged. Any modernization passes through many stages: from identifying the need and budgeting to tenders, vendor selection, and price and quality analysis. As a result, something that was planned several years earlier becomes outdated before it launches. Second, the infrastructure is complex. Many government and healthcare systems are tightly integrated with each other, so updating one component often triggers a ‘domino effect’ and demands rebuilding others. There are also times when technical limitations make modernization impossible altogether.
Equally important is the human factor. These services are used by people of different ages and levels of digital literacy, and any security enforcement often entails additional steps: verification, fine-tuning, education. As a result, convenience often gets placed before security, sometimes subconsciously, sometimes because user support services are overloaded.
Today, when account information remains the main target of attacks, this inertia is no longer only an operational risk but also a threat to national security. Modern cybersecurity standards are no longer optional; they are becoming a collective responsibility. Critically important services have to integrate modern authentication models without delay to ensure a real, rather than merely declared, level of security. Businesses and other organizations must also move in this direction: review their security policies, update their infrastructure, and implement practices that minimize the risk. Only coordinated action at all levels can withstand the wave of attacks that poses a threat not only to businesses but to the state’s security and stability as well.

Olga is a recognized expert in IT and information security with 19 years of experience. Among other things, she specializes in the design and implementation of information security systems. Her profound knowledge of IT and the principles of building IT infrastructure earned her the position of Chairperson of the Committee on IT and Cyber Security of the German-Ukrainian Chamber of Industry and Commerce. Olga is also the CEO of the Ukrainian IT company Silvery LLC.
