
Why passwords still matter as a first line of cybersecurity in the Middle East

May 1 marks the 12th anniversary of World Password Day.

A lot has changed in the world of cybersecurity since 2013, the year in which Dubai Airports was hacked by The Portugal Cyber Army and HighTech Brazil HackTeam, who stole information about employees and other data. 'Cybersecurity' is now a phrase everyone is familiar with as a part of modern-day life, and our interconnected worlds only continue to accelerate.

What hasn't changed, however, is the threat of an attack. Now, in 2025, businesses and individuals can appreciate that attacks are indiscriminate and fast, take place on a global scale, and can happen at any time. The ferocity and sophistication of cybersecurity incidents have only increased as our data usage continues to explode on a global scale.

In today’s enterprise, it’s almost impossible to ignore how deeply embedded cloud, SaaS, and hybrid environments have become in daily business operations. Even organisations with strict controls have found it difficult to resist the pull of scalable infrastructure, the latest tools, and the ever-increasing demand for agility and productivity. Whether sanctioned or shadow IT, these platforms are now integral to business. 

But as our digital environments have evolved, one constant has stubbornly remained: the password. Despite being a decades-old security mechanism—often the first line of defense—it continues to serve as the gateway to critical systems and sensitive data. And while it might seem like a basic building block, its role in cyber resilience has never been more critical. 

Richard Cassidy, EMEA CISO, Rubrik.

Recent findings from Rubrik Zero Labs reinforce this reality: 90% of IT and security leaders reported experiencing a cyberattack in the past year. And with 35% of them naming hybrid cloud data security as their top challenge, the urgency becomes clear. Add to this the estimate that over a third of sensitive files are classified as high risk, typically because they contain Personally Identifiable Information (PII), and it's evident that foundational security practices, like identity and access management, need renewed focus.

The password and the identity tied to it may be legacy, but in the modern enterprise, they’re far from obsolete. 

Password protection remains a fundamental pillar of enterprise security—arguably more critical now than ever before. As businesses race to embrace AI’s transformational potential to boost productivity, streamline operations, and extract deeper value from data, they must also confront a parallel reality: threat actors are evolving just as quickly. 

We're now seeing a concerning trend where compromised AI systems can be used as reconnaissance tools for attackers. Designed to help users search vast repositories of files, chat histories, and business intelligence, these GenAI platforms are compelling, but when identities tied to these systems are compromised, that same power can be used against an organisation. Essentially, what accelerates business outcomes becomes a highly efficient breach assistant.

Compromised credentials, notably passwords, remain among the most common entry points for ransomware and other advanced attacks. Now, in an AI-driven world, the stakes are even higher. If attackers gain access to an AI system via a stolen identity, they don’t just access files—they gain context, patterns, and insights at machine speed. 

In this landscape, securing identities isn’t just an IT best practice—it’s a core business need. As AI becomes embedded across an enterprise, protecting the passwords and identities that govern access to these tools must be prioritised with the same urgency as protecting sensitive data. 

Fortifying Security. Ensuring Business Continuity

Employee password vulnerabilities are a major cybersecurity risk. For businesses, insider threats, often driven by compromised credentials, can expose a huge hole in a cyber resiliency defence strategy and leave an open door for criminals to exploit. Here are my views on how businesses can strengthen their defences:

  • Educate and train your employees: Human error is a major vulnerability. Regularly train staff on password best practices, phishing attempts, and the importance of data security protocols. 
  • Password managers: Encourage or mandate the use of reputable password managers. These tools generate and securely store complex, unique passwords for different accounts, reducing the burden on employees to remember multiple combinations. 
  • Regularly update software and systems: Keep all software, operating systems, and security tools updated with the latest patches. Updates often address known vulnerabilities that cybercriminals can exploit. 
  • Implement and retain strong access controls across your ecosystem: Limit access to sensitive data and systems to ensure employees have only the permissions necessary to perform their job duties.
  • Implement backup and recovery planning and solutions: Create an incident response plan to ensure that, if an attack does happen, data is safe, secure, and has been regularly backed up, so you can hit the ground running again.

In short, make every day World Password Day, whether in your personal or professional life. By embracing a holistic approach to cyber resiliency, businesses and staff can reduce the risk of falling victim to threats and of suffering asset and reputational damage.
