Tech CEO issues urgent advice ahead of World Password Day
5th May 2026
Businesses that ignore the danger of relying solely on passwords to secure critical systems and devices are speeding towards disaster, a leading tech CEO has warned.
Roy Shelton, Group CEO of managed services provider Connectus Business Solutions, said the password model is fundamentally failing and organisations need to adopt a multi-layered approach if they are to avoid potentially devastating security incidents.
Ahead of World Password Day on 1 May, he warned that the threat of cyberattacks is increasing alarmingly, as attackers are operating at an industrial scale and AI is accelerating the tempo and complexity of intrusion attempts.
The latest data from the Home Office's Cyber Security Breaches Survey 2025 shows that 43% of businesses experienced a data breach during the year, as did 30% of charities.
Phishing attacks remain the most prevalent and disruptive type of breach or attack, experienced by 85% of businesses and 86% of charities.
However, Mr Shelton said the numbers hide the fact that the threat landscape has changed dramatically over the past year, and relying only on passwords leaves organisations wide open to consequences that are becoming increasingly severe.
“AI-powered cracking tools can test weak passwords in seconds,” he said. “There are literally billions of leaked credentials available on the Dark Web and on hacking forums and bad actors are increasingly using automation to use these in so-called credential stuffing attacks.
“In early April, for example, the UK’s National Cyber Security Centre said that hackers working for Russia's GRU military intelligence agency have been harvesting passwords and authentication tokens on a massive scale by exploiting vulnerabilities in widely-used types of internet routers.”
Mr Shelton said that human behaviour is the weakest link in the security chain, where reusing passwords or keeping default credentials
“Nearly all data breaches have their root cause in predictable human behaviour. Default and reused passwords are potentially catastrophically dangerous. The gap between how people use passwords and modern security requirements has become dangerously wide.”
His recommendations for bolstering security are:
- Strong passwords and MFA – enforce complex passwords and enable multi-factor authentication wherever possible.
- Employee awareness training – people are the first line of defence; invest in training to spot phishing and social engineering attacks.
- Endpoint protection – ensure every device is protected with anti-virus and endpoint detection tools.
- Access controls – limit user access to sensitive data based on roles, responsibilities and permission-based requirements.
- Email security – deploy spam filters and threat detection to reduce phishing risks.
- Incident response planning – have a clear, tested plan for how your business would respond to a breach.
- Leverage external expertise – partner with trusted cyber specialists to audit, monitor, and continuously strengthen your defences.
Mr Shelton added: “Use a reputable managed service provider (MSP) or security partner to monitor and respond to threats. This ensures that if there is an attack, remediation can begin immediately and the incident managed professionally.”
For more information see connectus.org.uk