06 May 2025 5 min

Why Passwords still matter as a first line of cybersecurity

Written by: Litha Maqungo

A lot has changed in the world of cybersecurity since 2013, the year in which Yahoo reported a hack of one billion customer accounts, or since retail giant Target experienced the compromise of 40 million credit and debit card accounts and 70 million customer records. ‘Cybersecurity’ is now a phrase everyone is familiar with as part of modern-day life, and our interconnected worlds only continue to accelerate.

What hasn’t changed, however, is the threat of an attack. Now, in 2025, businesses and individuals can appreciate that attacks are indiscriminate, fast, take place on a global scale, and can happen at any time. The ferocity and sophistication of cybersecurity incidents have only increased as our data usage continues to explode on a global scale. 

In today’s enterprise, it’s almost impossible to ignore how deeply embedded cloud, SaaS, and hybrid environments have become in daily business operations. Even organisations with strict controls have found it difficult to resist the pull of scalable infrastructure, the latest tools, and the ever-increasing demand for agility and productivity. Whether sanctioned or shadow IT, these platforms are now integral to business.

But as our digital environments have evolved, one constant has stubbornly remained: the password. Despite being a decades-old security mechanism—often the first line of defense—it continues to serve as the gateway to critical systems and sensitive data. And while it might seem like a basic building block, its role in cyber resilience has never been more critical.

Recent findings from Rubrik Zero Labs reinforce this reality: 90% of IT and security leaders reported experiencing a cyberattack in the past year. And with 35% of them naming hybrid cloud data security as their top challenge, the urgency becomes clear. Add to this the estimate that over a third of sensitive files are classified as high risk, typically containing Personally Identifiable Information (PII), and it’s evident that foundational security practices, like identity and access management, need renewed focus.

The password and the identity tied to it may be legacy, but in the modern enterprise, they’re far from obsolete.

Password protection remains a fundamental pillar of enterprise security—arguably more critical now than ever before. As businesses race to embrace AI’s transformational potential to boost productivity, streamline operations, and extract deeper value from data, they must also confront a parallel reality: threat actors are evolving just as quickly.

We're now seeing a concerning trend where compromised AI systems can be used as reconnaissance tools for attackers. Designed to help users search vast repositories of files, chat histories, and business intelligence, these GenAI platforms are compelling, but when identities tied to these systems are compromised, that same power can be used against an organisation. Essentially, what accelerates business outcomes becomes a highly efficient breach assistant.

Compromised credentials, notably passwords, remain among the most common entry points for ransomware and other advanced attacks. Now, in an AI-driven world, the stakes are even higher. If attackers gain access to an AI system via a stolen identity, they don’t just access files—they gain context, patterns, and insights at machine speed.

In this landscape, securing identities isn’t just an IT best practice—it’s a core business need. As AI becomes embedded across an enterprise, protecting the passwords and identities that govern access to these tools must be prioritised with the same urgency as protecting sensitive data. 

Employee password vulnerabilities are a major cybersecurity risk. For businesses, insider threats, often driven by compromised credentials, can expose a huge hole in a cyber resiliency defence strategy and leave an open door for criminals to exploit. Here are my views on how businesses can strengthen their defences:

  • Educate and train your employees: Human error is a major vulnerability. Regularly train staff on password best practices, phishing attempts, and the importance of data security protocols.
  • Password managers: Encourage or mandate the use of reputable password managers. These tools generate and securely store complex, unique passwords for different accounts, reducing the burden on employees to remember multiple combinations.
  • Regularly update software and systems: Keep all software, operating systems, and security tools updated with the latest patches. Updates often address known vulnerabilities that cybercriminals can exploit.
  • Implement and retain strong access controls across your ecosystem: Limit access to sensitive data and systems to ensure employees have only the permissions necessary to perform their job duties.
  • Implement backup and recovery planning and solutions: Create an incident response plan to ensure that, if an attack does happen, data is safe, has been regularly backed up and is secure, so you can hit the ground running again.

By embracing a holistic approach to cyber resiliency, businesses and staff can reduce the risk of falling victim to threats and of suffering asset and reputational damage.

Press Release Submitted By

  • Agency/PR Company: Future Somebody
  • Contact person: Litha Maqungo
  • Contact #: 0764712708
