May 9th, 2024 - Vancouver, BC, Canada - BC government staff were sent an email late day from deputy minister Shannon Salter to the premier and head of the public service, informing them of recent sophisticated cyber attacks on BC government networks. "As the work continues to investigate these incidents, please change your password from 10 to 14 characters as requested and respond promptly to any other instructions to improve security," said the email.

In an era where cyber attackers increasingly harness the power of artificial intelligence (AI) to breach security systems, Superion Inc, a Surrey BC based Cyber Security Provider is urging businesses and individuals to adopt comprehensive security strategies beyond merely extending their passwords from 10 to 14 characters. While longer passwords, passphrases, and Multi-Factor Authentication (MFA) remain important components of any security protocol, relying solely on them is now insufficient against advanced threats that use AI for wider, quicker, more sophisticated attacks.

Premier David Eby has announced that the province is collaborating with the Canadian Centre for Cyber Security among other agencies to understand the full extent of the breaches.  While this is a step in the right direction, it begs a critical question: Why were the gov standards for password strength set so low? Such a revelation makes it clear that government cybersecurity measures need urgent reassessment and strengthening, where many small to medium enterprises are also falling short.

Modern cybercriminals employ AI-driven brute force techniques that allow them to test countless password combinations rapidly. As computing power improves, even passwords that seem complex can be cracked within hours or days if other security measures are not in place.

"Password length alone isn't enough to deter attackers when they can use AI to break patterns and predict characters," say Mike Burton, owner at Superion. "In this environment, businesses and users need to embrace a multi-layered approach, using additional security methods to keep sensitive data safe. Modern technology can eliminate password breaches from being an issue."

To enhance security beyond just extending passwords, Superion recommends implementing the following best practices:

1. Multi-Factor Authentication (MFA): By requiring two or more verification factors, such as a one-time code sent to a mobile device, MFA adds a significant security layer, while not perfect in or foolproof by itself, does make it much harder for attackers to gain access.
2. Password Management Tools: Utilize password managers to create and store unique, complex passwords for different services, reducing the likelihood of password reuse and enhancing security.
3. Continuous User Education: Educate employees and users about common phishing schemes and social engineering tactics that can trick them into revealing passwords or other sensitive data.
4. Proactive Monitoring: Monitor for unusual login activity that could indicate compromised credentials or attempted breaches.
5. Endpoint Protection (MDR, SIEM, IDS): Ensure that all endpoints, from laptops to mobile devices, are secured and monitored for unauthorized access.

Effective cybersecurity is not just about managing passwords or implementing MFA; it involves a layered security approach where each layer serves to protect against flaws in others. Managed Detection and Response (MDR), Intrusion Detection Systems (IDS), and Security Information and Event Management (SIEM) are vital components of a robust cybersecurity strategy. These technologies help identify, evaluate, and mitigate threats in real-time, ensuring that breaches can be handled swiftly and efficiently.

"AI attacks represent a growing threat to password security, which is why our clients benefit from the proactive strategies that we together plan and build for them," Burton adds. "Our team at Superion remains committed to offering tailored cybersecurity solutions that recognize the evolving nature of cyber threats."

About Superion. Superion Inc., based in Surrey BC, is a Canadian owned and operated IT service provider focused on helping businesses across the country support, manage, and secure their IT infrastructure and ensure continuity through tailored IT and cybersecurity strategies. Their team of experts offers a full range of end-to-end managed IT and cyber security solutions, from proactive planning and monitoring to rapid incident response, all backed by a dedication to customer relationships and success.

To learn more about their IT security, support services, and how they can help SMEs thrive in the digital age, visit www.superion.ca.