Cyber and IT security. Cyber threats.
We live in a time in which digital advances open up unimagined perspectives.
On the other hand, cyber threats are constantly increasing to an unimaginable extent and cybercrime is becoming increasingly professionalised. Private individuals and companies are being forced to come up with efficient and secure solutions to take a stand against these daily challenges in order to guarantee the protection of sensitive data.
Ransomware is and remains the biggest threat, although IT security and information technology authorities have long observed a change in technique in EU-wide ransomware attacks. The focus is no longer just on large and wealthy companies, but increasingly on small and medium-sized organisations, government institutions and local authorities. As a result, cyber attacks are increasingly affecting citizens at the expense of public institutions, with the result that citizen-centred services are temporarily unavailable or personal data falls into the hands of criminals. Cyber criminals are also becoming more professional, relying more on a division of labour, working closely together across borders and sectors, and specialising more and more to target their attacks.
Software products in particular have worrying security flaws with system gaps and vulnerabilities that must be classified as critical.
These vulnerabilities are considered an excellent gateway for cyber criminals with potential or high malicious effects on systems and networks.
However, AI, which is well known for its new possibilities in large-scale IT, also brings new and additional risks. Tools can be easily manipulated using AI elements, making them highly effective for abusive and criminal purposes. For example, 'deepfakes' (realistic-looking media content such as manipulated images, videos and voices) are becoming increasingly authentic, making them harder for consumers to detect. AI can be used to create malware itself, and cybercriminals can also use it to design and create phishing emails faster, more efficiently and more believably, and to flood the web with deceptive disinformation campaigns.
A word about the so-called 'passwordless future'. Passkey technology is already being offered on the Web by some service providers as a replacement for passwords. Based on public key cryptography, passkeys enable secure identification through simple actions that are easy for the user to understand, such as facial recognition, fingerprints, etc. The process is similar to multi-factor authentication, but is considered more secure. The disadvantage of passkeys is that it will be some time before this functionality is available for most services. Although passkeys are becoming more popular, the use of passwords, and especially password managers, is not going away any time soon.
Of course, threats to IT security can also be attributed to current wars and geopolitical conflicts and tensions. These cyber attacks are primarily driven by the propaganda purposes of various conflicting states to create insecurity, undermine people's confidence and affect social stability in the targeted countries.
Resilience to increasing threats is more important than ever. Our globally networked society cannot expect 100% security against attacks on IT infrastructures and software-driven components. However, IT resilience can be improved to better defend against attacks and minimise the negative consequences of an attack. The aim is to take the right measures to minimise all risks from cyber threats and prevent cyber security breaches in the first place.
Human error remains at the heart of the problem. The focus today is on professionalisation of the defence side, more skilled security professionals, standardisation, centralisation and automation of defences.
General cyber-protection measures for everyone and customised solutions tailored to the specific needs of companies in all sectors and of all sizes are the strongest lines of defence in the area of IT security. Constantly appealing to individuals to take protection against digital threats seriously is not enough; effective and sustainable IT security training, specific protection rules and consistent controls are also essential for businesses.
Users, both individuals and organisations, create a secure foundation for solid digital security by strictly adhering to known and effective rules and best practices in the use of passwords and, in particular, in the fight against cybercrime.
Anyone operating in the online world should always prioritise the protection of sensitive data.
Following a few important and simple rules will improve your cybersecurity in the long run. Good password management and strong, secure passwords are the first line of defence against cyber threats. However, a strong password manager is even more effective and secure, especially for businesses.
By following proven IT security and password rules, individuals and businesses can strengthen their online protection and digital security for the long term.
- A password manager provides comprehensive security as a practical tool for the flexible generation of secure passwords, as well as for the storage, organisation and flexible and efficient management of all sensitive data. Password managers have many useful and unique features that will definitely make everyday IT life easier for all users, whether at home or at work.
- Two-factor or multi-factor authentication is essential. The practice of using a single login/password pair is no longer considered secure. A strong password may be hard to crack, but it can still be exposed in a data breach; with additional authentication factors in place, it remains extremely difficult for a hacker to gain access to IT components.
- Frequently changing passwords is not the best strategy either. It usually causes more chaos than it helps. If you are unsure whether a password has been compromised, you can always check it against a database of compromised credentials (e.g. haveibeenpwned.com). Powerful password managers already have this feature built in.
- Give preference to passwords that are considered strong. As well as being long, passwords should be complex and contain a mixture of upper and lower case letters, numbers and special characters. Ideally, a password should contain at least 12 characters, with security increasing as the number of characters increases.
- Avoid simplifications. It is not advisable to use keyboard sequences such as 123456 or qwerty, or long ones such as 'qwertyuiop'. Password patterns such as 123qwertyytrewq321 are also long but weak. Although they are easy to remember, they are also easy to guess. When using passwords that are too simple, remember that hackers do not try to find them manually, but use special computer programs to do so quickly and efficiently.
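The last two rules can be checked mechanically. The following is an added example, not code from ALPEIN Software or PassSecurium™: it applies the 12-character and character-mix rules and flags keyboard walks and mirrored patterns such as 123qwertyytrewq321. The function names, the three-key minimum run and the 50% coverage threshold are assumptions chosen for illustration.

```python
import string

# Keyboard rows and the digit row, forwards and reversed, so that walks such
# as "qwerty", "ytrewq", "123" and "321" are all recognised.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
RUNS = ROWS + [row[::-1] for row in ROWS]

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def walk_coverage(pw, min_run=3):
    """Fraction of characters lying inside a keyboard walk of >= min_run keys."""
    s = pw.lower()
    covered = [False] * len(s)
    for i in range(len(s)):
        # Try the longest substring starting at i first.
        for j in range(len(s), i + min_run - 1, -1):
            if any(s[i:j] in run for run in RUNS):
                covered[i:j] = [True] * (j - i)
                break
    return sum(covered) / len(s) if s else 0.0


def audit(pw):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(pw) < 12:
        findings.append("shorter than 12 characters")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        findings.append("missing a character class")
    if walk_coverage(pw) >= 0.5:  # threshold is an assumption
        findings.append("mostly keyboard walks")
    if len(pw) >= 6 and pw.lower() == pw.lower()[::-1]:
        findings.append("mirrored pattern")
    return findings


if __name__ == "__main__":
    # First four samples are quoted on this page; the last one is constructed.
    for sample in ["123456", "qwerty", "qwertyuiop",
                   "123qwertyytrewq321", "vR7#kLp2!xQ9zT"]:
        print(f"{sample!r}: {audit(sample) or 'no findings'}")
```

A password with no findings here can still appear in a breach, so this check complements the compromised-credential lookup mentioned above rather than replacing it.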
If you have any questions about IT data security or the use of a password manager, the security experts at ALPEIN Software will be happy to help you at any time. Simply contact us by telephone or via the contact form.
PassSecurium™ password manager: www.pass-securium.ch
Pass4SAP – a connector between PassSecurium™ and an SAP system for robust SAP-integrated password management: www.pass4sap.com.