Firms need to avoid cybersecurity incidents

People working for corporations in the energy field seem to be fond of cinema, with the passwords ‘film@123’ and ‘film’ among their top password picks, reveals a new report.


The Middle East is reported to have the second highest average total cost of a data breach in the world, a position it has maintained for the second year running, according to data compiled from two different research reports.

The reports by NordPass and IBM Security look into the types and sizes of breaches that companies, especially in the energy sector, repeatedly encounter and call for urgent cybersecurity measures to protect key assets.

Stolen or compromised credentials remained the most common cause of a data breach in companies, accounting for 19 per cent, says IBM.

According to NordPass’ report, energy sector employees, working for the world’s richest companies, use very poor passwords to secure business accounts. NordPass is a proprietary password manager developed by Nord Security, a global cybersecurity leader.

While cybersecurity experts repeatedly urge businesses to take better care of corporate accounts, passwords such as ‘film@123’, ‘film’, and ‘password’ still make it to the top of the energy industry’s list.

These passwords make up the list of the 10 most used passwords in the energy sector. The others include ‘123456’, ‘passer’, ‘aaron431’, ‘pa55word’, ‘company’s email domain.com*’, ‘company’s email domain.com*’ and ‘12345’.

Although NordPass looks at the change in internet users' password habits year-round, this year, the company specifically investigated passwords that employees of the world’s biggest companies from 31 countries use to secure business accounts. The researchers compiled 20 industry-specific passwords lists.

"On one hand, it is a paradox that the wealthiest companies on the planet with financial resources to invest in cybersecurity fall into the poor password trap. On the other hand, it is only natural because internet users have deep-rooted unhealthy password habits. This research once again proves that we should all speed up in transitioning to alternative online authentication solutions," says Jonas Karklys, CEO of NordPass.

NordPass’ analysis looked into the world’s 500 largest companies by their market capitalisation, which represented 31 countries and 20 industries.

The US (46.2 per cent), China (9.6 per cent), Japan (5.8 per cent), India (4.2 per cent), the UK (4 per cent), France (3.8 per cent), and Canada (3.6 per cent) are the countries most represented in this research. Also, most of the companies analysed fell under the finance, technology and IT, and health care sectors.

In 2021, the company looked into the passwords that Fortune 500 companies use, and in 2022, investigated the password habits of top-level business executives. Moreover, NordPass annually presents the ‘Top 200 most common passwords’ study, which broadly covers the password trends of internet users.

"While password trends slightly vary each year across different audiences, the general take is that people continuously fail with their password management, and the world desperately needs to switch to new online authentication solutions such as passkeys," says Karklys.

Various progressive businesses such as Google, Microsoft, Apple, PayPal, KAYAK, and eBay have already adopted passkey technology and are offering their users passwordless log-in.

According to Karklys, in no time, other online companies will start following this trend.

NordPass, too, is developing a tool for businesses to easily integrate passkey support into their websites.


‘FILM’, ‘SNOWMAN’, AND OTHER QUESTIONABLE PASSWORDS

According to the study, passwords, such as ‘password’ and ‘123456’, which shared the top two spots in last year’s list of the world’s most common passwords, are also popular among the largest companies’ employees.

Across all 20 analysed industries, both these passwords were found to be among the seven most commonly used passwords. The word ‘password’ was the number 3 most trending pick among the energy sector’s employees and ‘123456’ ranked 4th.

People working for corporations in the energy field seem to be fond of cinema, with the passwords ‘film@123’ and ‘film’ among their top password picks. Interestingly, the word ‘snowman’ is also on the list.

Other industries were as creative. The password ‘dummies’ ranks 6th among consumer goods sector employees, ‘sexy4sho’ ranks 16th among real estate employees, and ‘opensesame’ ranks 6th in the aerospace field.


COMMON INSPIRATION FOR PASSWORDS

Just like with regular internet users, dictionary words, names of people and countries, and simple combinations of numbers, letters, and symbols make up most passwords presented in the research. However, the remaining 32 per cent indicate another interesting trend.

The world’s wealthiest companies’ employees love passwords that directly reference or hint at the name of a specific company.

The full company name, the company’s email domain, part of the company’s name, an abbreviation of the company name, and the company product or subsidiary name are common sources of inspiration.

"These types of passwords are both poor and dangerous to use. When breaking into company accounts, hackers try all the password combinations referencing a company because they are aware of how common they are. Employees often avoid creating complicated passwords, especially for shared accounts. Therefore, they end up choosing something as basic as the company’s name," says Karklys.


COST OF DATA BREACHES

The ‘Cost of a Data Breach Report 2023’ revealed that globally, the average cost of a data breach had risen to $4.45 million in 2023, a 2.3 per cent increase from the 2022 average cost of $4.35 million, and a 15.3 per cent increase since 2020, when the average total cost of a data breach was $3.86 million.

This year’s IBM study - conducted independently by Ponemon Institute - examined 553 organisations of various sizes across 16 countries and geographic regions and 17 industries that were impacted by data breaches that occurred between March 2022 and March 2023.

For the 13th consecutive year, the US held the title for the highest data breach costs at $9.48 million, an increase of 0.4 per cent from last year’s $9.44 million. As it did last year, the Middle East had the second-highest average total cost of a data breach at $8.07 million, up 8.2 per cent from $7.46 million.

The Middle East includes a cluster sample of companies located in Saudi Arabia and the UAE.

Energy is fourth on the list of industries to have experienced the highest data breach costs in 2023, at $4.78 million.

Healthcare continues to experience the highest data breach costs of all industries, followed by financial and pharmaceuticals, with industrial at number five.

According to IBM threat intelligence, manufacturing is the industry most commonly targeted by cybercriminals.


TIPS TO SECURE BUSINESS ACCOUNTS

Karklys says that by implementing a few cybersecurity measures, businesses could avoid many cybersecurity incidents:

• Ensure company passwords are strong. They should consist of random combinations of, at least, 20 upper- and lower-case letters, numbers, and special characters.

• Enable multi-factor authentication or single sign-on. While MFA set up on another device, connected with email or SMS codes, guarantees an additional layer of security, single sign-on functionality helps reduce the number of passwords people have to manage.

• Critically evaluate whom to grant account credentials. Access privileges should be removed from people leaving the company and passed on only to those who are in need of certain access.

• Deploy a password manager. With a business solution, companies can safely store all their passwords in one place, share them within the organisation, ensure their strength, and effectively manage access privileges.
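
A set-time password check built from the points above (the 20-character random-password tip and the company-derived passwords described under ‘Common inspiration for passwords’), as an added example that is not from NordPass or IBM. The company name, domain and character-swap table are constructed assumptions.

```python
import re
import secrets
import string

# Constructed data: top-list entries quoted in the article; company details are placeholders.
COMMON = {"password", "123456", "12345", "film", "film@123", "passer", "aaron431"}
LEET = str.maketrans("013457@$!", "oieastasi")  # undo common character swaps
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

def company_tokens(name, domain, products=()):
    """Build the company-derived strings the article lists as password sources."""
    words = re.findall(r"[a-z0-9]+", name.lower())
    tokens = {"".join(words), domain.lower(), domain.lower().split(".")[0]}
    tokens.update(w for w in words if len(w) >= 4)       # parts of the name
    if len(words) > 1:
        tokens.add("".join(w[0] for w in words))         # abbreviation
    tokens.update(p.lower() for p in products)           # product / subsidiary names
    return {t for t in tokens if len(t) >= 3}

def audit_password(pw, tokens, min_len=20):
    """Return the list of policy findings for one candidate password."""
    low = pw.lower()
    norm = low.translate(LEET)                           # 'pa55word' -> 'password'
    findings = []
    if low in COMMON or norm in COMMON:
        findings.append("common")
    if any(t in low or t in norm for t in tokens):
        findings.append("company-reference")
    if len(pw) < min_len:
        findings.append("too-short")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        findings.append("missing-class")
    return findings

def generate_password(tokens, length=20):
    """Draw random passwords from the OS CSPRNG until one passes the audit."""
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit_password(pw, tokens, length):
            return pw

if __name__ == "__main__":
    toks = company_tokens("Example Energy Corp", "exampleenergy.example")
    for candidate in ("pa55word", "Ex@mple2023!", generate_password(toks)):
        print(candidate, audit_password(candidate, toks))
```

Run at password creation or change time, a check like this rejects character-swapped variants of listed passwords and company names that an exact-match blocklist would let through.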
