INE Security Alert: World Password Day 2025 Cybersecurity Training Insights
By GlobeNewswire Published on May 1, 2025, 15:02 IST
Cary, NC, May 01, 2025 (GLOBE NEWSWIRE) — INE Security, a leading global provider of hands-on cybersecurity training and cybersecurity certifications, today released expert analysis on the current state of password security and security team training best practices as organizations recognize World Password Day on May 1, 2025.
Threat intelligence data shows that password vulnerabilities continue to be the favorite target for hackers worldwide, despite years of warnings from security experts. While companies keep investing in advanced security tech, the humble password remains the front door to most organizations—and too often, it's a door with a broken lock.
'It's concerning to see password-related breaches still dominating security incidents despite all the technological advances,' said Dara Warn, CEO of INE Security. 'What we're finding is that there's a persistent gap between security training and implementation—teams know what they should be doing, but putting that knowledge into practice remains challenging. That's why we're emphasizing practical, hands-on cybersecurity training that transforms security knowledge into meaningful action.'
INE Security's analysis reveals three critical password security trends for 2025: Credential Stuffing Attacks Are Getting Worse
According to The Hacker News, stolen credentials topped the charts as the #1 attack method in 2023/24, with credential stuffing attacks leaving a trail of damage. These attacks are behind 80% of web application breaches.
According to The Hacker News, stolen credentials topped the charts as the #1 attack method in 2023/24, with credential stuffing attacks leaving a trail of damage. These attacks are behind 80% of web application breaches. People Just Aren't Using Password Managers
Despite all the evidence showing they work, password manager adoption remains stubbornly low. Analysis from JumpCloud found that 83% of enterprise organizations use MFAs, but that drops to a mere 60% for smaller businesses. Even more concerning, Security.org's 2024 research shows only 36% of people use password managers at all—just 2% more than last year—while more than half are still relying on their memory to keep track of credentials.
Despite all the evidence showing they work, password manager adoption remains stubbornly low. Analysis from JumpCloud found that 83% of enterprise organizations use MFAs, but that drops to a mere 60% for smaller businesses. Even more concerning, Security.org's 2024 research shows only 36% of people use password managers at all—just 2% more than last year—while more than half are still relying on their memory to keep track of credentials. Hackers Are Getting Better at Bypassing MFA
Multi-factor authentication has improved, but phishing campaigns designed to steal those verification codes have gotten much more sophisticated. Keepnet Labs found that 15-20% of phishing attacks are now specifically crafted to get around MFA protection.
Addressing these vulnerabilities requires comprehensive cybersecurity training that prepares teams for real-world threats.
The Security Training Reality Gap
INE Security recommends a fresh approach to security training to fix these problems and strengthen password protection: Make Training Count: Ditch the annual checkbox compliance training for realistic cybersecurity training scenarios that mirror actual credential attacks. IBM found that top-performing companies are 68% more likely to provide effective training compared to low performers. Teams with proper training save around $70,000 annually and are 10% more productive. Get Hands On with Real Practice: Set up security labs and cyber ranges where people can experience simulated password attacks firsthand, building critical skills for their cybersecurity career. F.Learning Studio found that employees who face simulated attacks develop deeper understanding that sticks with them and keeps them motivated to stay vigilant. Train, Practice, Certify, Repeat: Don't just train once and forget it. Companies with structured, ongoing training see 218% higher income per employee than those that train sporadically according to Keepnet. Build Security Into Your Culture: Close the gap between security knowledge and actual practice by making security part of your company's DNA. A report conducted by INE Security found cybersecurity training programs are the most effective way to keep organizations secure in a cloud-dependent landscape.
'The data consistently shows that organizations investing in comprehensive, hands-on security training achieve measurable improvements in their security outcomes and realize significant returns on that investment,' Warn concluded. 'On World Password Day, I encourage security leaders to thoughtfully evaluate their current training approaches and consider how they might better develop the practical skills their teams need to address today's sophisticated password-based threats.'
About INE Security:
INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security's suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.
Disclaimer: The above press release comes to you under an arrangement with GlobeNewswire. Business Upturn takes no editorial responsibility for the same.
GlobeNewswire provides press release distribution services globally, with substantial operations in North America and Europe.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
a day ago
- Yahoo
Propelling MSPs: Charting the Course to Unfettered Growth
LOUISVILLE, Colo., June 4, 2025 /PRNewswire/ -- JumpCloud Inc. has released the findings of its first report for managed service providers (MSPs). The 2025 MSP Performance Report shows the key traits of high-growth MSPs versus moderate-growth and stable MSPs. MSPs can use this data to boost their revenue growth and gain operational benefits. Drawing on insights from MSPs in the U.S. and the U.K., the report highlights the following approaches: Most MSPs are growing, but significant booms are rare: The vast majority of MSPs experienced revenue growth, with 89% reporting an increase in 2024 and none reporting a decrease. Yet, only 22% achieved high growth, defined as a revenue increase of over 20%. High-growth MSPs boldly adopt new technologies and changes: High-growth MSPs share a clear pattern: they adopt new technologies, take risks, and adapt to change easily. Embracing technological variety is essential for MSP growth: High-growth MSPs embrace the wider tech landscape. They focus on SaaS applications, productivity suites like Microsoft 365 and Google Workspace, and a mix of device operating systems. Fast-growing MSPs are already actively using artificial intelligence (AI): Seventy-five percent of high-growth MSPs use AI in their internal processes and client services. This shows that adopting AI is key to their success. Unmanaged complexity is a major barrier to MSP growth: Effectively managing complexity is identified as the primary factor influencing MSP growth. Many growing MSPs are finding ways to reduce complexity. They implement strong security policies, use automation, and adopt dedicated SaaS management solutions. Growth in MSPs leads to benefits beyond increased revenue: High-growth MSPs enjoy more than just revenue boosts. They also find it easier to hire and keep staff. Their sales and marketing efforts are more effective. Plus, they see better security results. "We understand that in the fast-paced world of managed services, clarity is key," said Antoine Jebara, co-founder and general manager of MSP business, JumpCloud. "This report cuts through the noise, offering practical, data-backed insights that MSPs can immediately leverage to enhance their service delivery, optimize their operations, and ultimately drive better outcomes for their clients." For the full report, download the "2025 MSP Performance Report" here. You can also check out our blog post for select findings from the report. Methodology: JumpCloud surveyed 300 managed service providers (MSPs) in the U.S. and U.K. The online survey was conducted by Redpoint LLC, from March 6, 2025 to March 20, 2025. The findings from the JumpCloud 2025 MSP Performance Report can be found here. About JumpCloud JumpCloud® delivers a unified identity, device, and access management platform that makes it easy to securely manage identities, devices, and access across your organization. With JumpCloud, IT teams and MSPs enable users to work securely from anywhere and manage their Windows, Apple, Linux, and Android devices from a single platform. Learn more: us: Blog | Community | Podcast | X | LinkedIn | YouTube | Resources Click here to get started with JumpCloud ContactFor JumpCloudJosie Judypress@ View original content: SOURCE JumpCloud, Inc.
Tom's Guide
2 days ago
- Tom's Guide
It's time to update Chrome — zero-day bug is being exploited in the wild by hackers
Google has issued an emergency security update patch for Chrome in order to fix three security issues including one zero-day bug that has been actively exploited in the wild by hackers. This makes it the third active vulnerability to be patched via emergency update since the start of the year, with two others occurring in March and May. As reported by Bleeping Computer, the latest flaw, tracked as CVE-2025-5419, is a high-severity vulnerability caused by an out-of-bounds read and write weakness in the V8 JavaScript and WebAssembly engines in Chrome. It was initially reported on a week ago by members of Google's Threat Analysis group; Google has confirmed that it is being exploited in the wild though the company is not sharing much additional information at the time as they are waiting until more users have had an opportunity to patch their browsers. In the security advisory published on Monday, the company is quoted as stating: 'Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.' This is typical when it comes to active exploits, as it keeps other threat actors from hopping on the band wagon to take advantage of the vulnerability before users are able to update the fix. However, reporting from The HackerNews, says that the flaw involved allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google reports that the issue was mitigated a day after it was reported via a configuration change that was pushed through the Stable Desktop channel across all the Chrome platforms. The zero-day flaw was likewise corrected the same day with updates to Chrome that are rolling out to users in the coming weeks. Chrome does automatically update when new security patches become available, however users can make sure the installation is completed by going to the Chrome menu > Help > About Google Chrome. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Let the update finish then click Relaunch in order to make sure the patch has installed. The update versions are 137.0.7151.68/ .69 for Windows and macOS and version 137.0.7151.68 for Linux. Users of other Chromium-based browsers (Edge, Brave, Opera, Vivaldi) should apply the updates as they become available.
Yahoo
3 days ago
- Yahoo
INE Security Alert: $16.6 Billion in Cyber Losses Underscore Critical Need for Advanced Security Training
New FBI Data Reveals Organizations Need Deeper Technical Expertise to Detect, Contain, and Remediate Advanced Attacks CARY, N.C., June 2, 2025 /PRNewswire/ -- INE Security, a global leader in cybersecurity training and certification, is emphasizing the urgent need for technical cybersecurity professionals who can detect, analyze, and neutralize threats once they've bypassed initial defenses. The FBI's latest Internet Crime Complaint Center (IC3) Annual Report reveals a stark reality: cybercriminals extracted a record $16.6 billion from victims in 2024, representing a 33% increase over the previous year. While these losses include both individual and organizational victims, the enterprise-focused attacks highlighted in the report underscore a critical skills gap. The Technical Challenge Behind the Numbers While the FBI report captures the financial damage, the underlying technical reality is more complex: Ransomware Evolution: The 18% surge in critical infrastructure attacks, led by sophisticated variants like Akira, LockBit, and RansomHub, demonstrates that modern ransomware operators are using advanced techniques, including lateral movement, privilege escalation, and data exfiltration that require specialized detection and response skills. Post-Compromise Detection: The $2.77 billion in Business Email Compromise losses, which primarily target organizations, represent successful attacks that evaded initial security controls. Organizations need security professionals trained in forensic analysis, network traffic analysis, and incident response to identify and contain these threats after they've gained initial access. Cryptocurrency Attack Complexity: The 66% spike in cryptocurrency fraud ($9.3 billion total) includes attacks on both individual and organizational victims, but reflects increasingly sophisticated blockchain analysis requirements and the need for security teams trained in cryptocurrency forensics and threat hunting methodologies. INE Security's Technical Training Response "While the FBI report captures losses across all victim types, the enterprise-focused attacks demonstrate that organizations face increasingly sophisticated threats that require advanced defensive capabilities," said Dara Warn, CEO of INE Security. "Organizations need security professionals with hands-on technical skills to hunt threats, analyze malware, and respond to incidents with deep technical expertise." INE Security's enterprise training programs address the post-breach reality through: Advanced Threat Detection Labs: Hands-on training with current CVEs and attack techniques, enabling security teams to recognize and analyze the specific TTPs (Tactics, Techniques, and Procedures) used by ransomware groups and advanced persistent threats. Incident Response and Forensics Training: Practical skills in malware analysis, memory forensics, and network traffic analysis that enable rapid threat identification and containment once attackers have gained access. Threat Hunting Methodologies: Proactive detection techniques that help security teams identify compromise indicators before attacks reach their intended objectives. Industry-Specific Attack Simulation: Customized training environments that replicate the specific threats facing manufacturing, healthcare, government, and financial sectors—the industries most heavily targeted according to the FBI data. The Skills Gap Reality The FBI report's emphasis on successful Operation Level Up, which saved victims $285.6 million through proactive identification, underscores the value of skilled security professionals who can proactively hunt threats and analyze complex attack patterns. "The difference between a $10,000 security incident and a $10 million breach often comes down to detection speed and response capability," emphasized Warn. "Organizations with certified security professionals trained in advanced technical skills detect threats in hours rather than months." Enterprise Training That Addresses Real Threats INE Security's enterprise programs are designed around the technical realities revealed in the FBI report: Malware Analysis Training: Hands-on experience with current ransomware families and attack techniques Network Security Monitoring: Advanced skills in detecting lateral movement and data exfiltration Cryptocurrency Forensics: Specialized training in blockchain analysis and cryptocurrency threat hunting Custom Threat Simulation: Industry-specific attack scenarios based on actual threat intelligence For organizations looking to build the technical security capabilities needed to combat the sophisticated threats highlighted in the FBI IC3 report, INE Security offers customized enterprise training solutions. Organizations can request a demo to explore how advanced security training may enhance their detection and response capabilities. About INE Security INE Security is the premier provider of online networking and cybersecurity training and cybersecurity certifications. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is trusted by Fortune 500 companies worldwide for their cybersecurity training needs, and by IT professionals looking to advance their careers. INE Security's suite of learning paths offers an incomparable depth of expertise across cybersecurity education and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career. ContactKathryn BrownINE Securitykbrown@ Logo - View original content to download multimedia: SOURCE INE Security Sign in to access your portfolio
