INE Security Alert: World Password Day 2025 Cybersecurity Training Insights

By GlobeNewswire Published on May 1, 2025, 15:02 IST
Cary, NC, May 01, 2025 (GLOBE NEWSWIRE) — INE Security, a leading global provider of hands-on cybersecurity training and cybersecurity certifications, today released expert analysis on the current state of password security and security team training best practices as organizations recognize World Password Day on May 1, 2025.
Threat intelligence data shows that password vulnerabilities continue to be the favorite target for hackers worldwide, despite years of warnings from security experts. While companies keep investing in advanced security tech, the humble password remains the front door to most organizations—and too often, it's a door with a broken lock.
'It's concerning to see password-related breaches still dominating security incidents despite all the technological advances,' said Dara Warn, CEO of INE Security. 'What we're finding is that there's a persistent gap between security training and implementation—teams know what they should be doing, but putting that knowledge into practice remains challenging. That's why we're emphasizing practical, hands-on cybersecurity training that transforms security knowledge into meaningful action.'
INE Security's analysis reveals three critical password security trends for 2025: Credential Stuffing Attacks Are Getting Worse
According to The Hacker News, stolen credentials topped the charts as the #1 attack method in 2023/24, with credential stuffing attacks leaving a trail of damage. These attacks are behind 80% of web application breaches.
According to The Hacker News, stolen credentials topped the charts as the #1 attack method in 2023/24, with credential stuffing attacks leaving a trail of damage. These attacks are behind 80% of web application breaches. People Just Aren't Using Password Managers
Despite all the evidence showing they work, password manager adoption remains stubbornly low. Analysis from JumpCloud found that 83% of enterprise organizations use MFAs, but that drops to a mere 60% for smaller businesses. Even more concerning, Security.org's 2024 research shows only 36% of people use password managers at all—just 2% more than last year—while more than half are still relying on their memory to keep track of credentials.
Despite all the evidence showing they work, password manager adoption remains stubbornly low. Analysis from JumpCloud found that 83% of enterprise organizations use MFAs, but that drops to a mere 60% for smaller businesses. Even more concerning, Security.org's 2024 research shows only 36% of people use password managers at all—just 2% more than last year—while more than half are still relying on their memory to keep track of credentials. Hackers Are Getting Better at Bypassing MFA
Multi-factor authentication has improved, but phishing campaigns designed to steal those verification codes have gotten much more sophisticated. Keepnet Labs found that 15-20% of phishing attacks are now specifically crafted to get around MFA protection.
Addressing these vulnerabilities requires comprehensive cybersecurity training that prepares teams for real-world threats.
The Security Training Reality Gap
INE Security recommends a fresh approach to security training to fix these problems and strengthen password protection: Make Training Count: Ditch the annual checkbox compliance training for realistic cybersecurity training scenarios that mirror actual credential attacks. IBM found that top-performing companies are 68% more likely to provide effective training compared to low performers. Teams with proper training save around $70,000 annually and are 10% more productive. Get Hands On with Real Practice: Set up security labs and cyber ranges where people can experience simulated password attacks firsthand, building critical skills for their cybersecurity career. F.Learning Studio found that employees who face simulated attacks develop deeper understanding that sticks with them and keeps them motivated to stay vigilant. Train, Practice, Certify, Repeat: Don't just train once and forget it. Companies with structured, ongoing training see 218% higher income per employee than those that train sporadically according to Keepnet. Build Security Into Your Culture: Close the gap between security knowledge and actual practice by making security part of your company's DNA. A report conducted by INE Security found cybersecurity training programs are the most effective way to keep organizations secure in a cloud-dependent landscape.
'The data consistently shows that organizations investing in comprehensive, hands-on security training achieve measurable improvements in their security outcomes and realize significant returns on that investment,' Warn concluded. 'On World Password Day, I encourage security leaders to thoughtfully evaluate their current training approaches and consider how they might better develop the practical skills their teams need to address today's sophisticated password-based threats.'
About INE Security:
INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security's suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.
Disclaimer: The above press release comes to you under an arrangement with GlobeNewswire. Business Upturn takes no editorial responsibility for the same.
GlobeNewswire provides press release distribution services globally, with substantial operations in North America and Europe.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Yahoo

5 days ago

• Yahoo

Cybersecurity Jobs That Will Dominate 2026: INE Security Prepares Professionals for the Most Critical Roles

Cary, NC, June 17, 2025 (GLOBE NEWSWIRE) -- INE Security, a leading global cybersecurity training and IT security training provider, is releasing new analysis of cybersecurity roles that will dominate the 2026 job market. Based on a comprehensive analysis of industry data and research released at major cybersecurity conferences, including RSA Conference 2025, GISEC Global 2025, and worldwide Black Hat events, INE Security has identified cybersecurity job roles where the highest market demand intersects with hands-on technical expertise. "Skill shortages are a major concern throughout the cybersecurity industry, particularly in mission-critical roles,' said Tracy Wallace, INE Security's Director of Content Development. 'INE Security's hands-on cybersecurity training methodology creates job-ready professionals in the areas where technical expertise can make the greatest immediate impact. Our 3,100+ browser-based labs don't just teach concepts—they build the practical IT security training skills that organizations need right now." Critical Cybersecurity Roles Shaping 2026: Identity Security Posture Management (ISPM) Specialists: With identity-related breaches continuing to plague organizations, ISPM specialists will be essential for enterprises seeking to uncover and address identity risks across hybrid cloud and on-premises systems. RSAC 2025 emphasized new ISPM capabilities and innovations to protect passwordless environments, while major vendors announced ISPM solutions as core offerings. : Comprehensive Active Directory security training, Identity and Access Management courses, and privilege escalation techniques integrated across the eJPT and eCPPT learning paths provide unparalleled preparation for ISPM roles : More than 500 hands-on labs focused on identity security give professionals the practical expertise enterprises desperately need to secure hybrid environments Career Pathway: Clear progression from fundamental identity concepts to advanced enterprise identity architecture management Crowdsourced Red Team Specialists: The cybersecurity industry is exploring offensive security through distributed approaches. At RSAC 2025, Bugcrowd launched the industry's first Crowdsourced Red Team as a Service platform, connecting organizations to global networks of vetted ethical hackers for real-time, intelligence-led testing. This model brings the potential for massive scale and flexibility to traditionally resource-heavy security assessments. INE Security Training Advantage: Proven pentester training progression from eJPT (Junior Penetration Tester) through eCPPT (Certified Professional Penetration Tester) to eWPTX (Web Application Penetration Tester eXtreme) creates the exact ethical hacking expertise needed for distributed red team operations : Students practice authentic attack scenarios through browser-based labs that simulate crowdsourced testing environments : INE Security's pentester certifications are trusted by Fortune 500 companies globally, specifically for roles requiring hands-on offensive security expertise Mobile Threat Analysts: Cyber attackers are increasingly prioritizing mobile over desktop environments. Zimperium's 2025 Global Mobile Threat Report showed that smishing now comprises over two-thirds of mobile phishing attacks. Organizations need specialists focused exclusively on mobile security infrastructure. INE Security Training Advantage: The eMAPT (Mobile Penetration Testing) certification provides foundational mobile security expertise, positioning graduates for the expanding mobile defense field Expanding Curriculum: INE Security is developing advanced mobile defense training to address enterprise mobile threat intelligence and incident response Market Opportunity: As one of the few providers offering hands-on mobile security labs, INE Security graduates enter this high-demand field with immediate practical capabilities AI Security Specialists/Engineers: The demand for AI security expertise has reached unprecedented levels. RSA Conference 2025 featured over 100 sessions dealing with artificial intelligence, with attendees noting the event had transformed into "RSAI" rather than RSAC. GISEC Global 2025 was held under the theme 'Securing an AI-Powered Future,' emphasizing AI governance and digital ethics as critical areas requiring immediate attention. INE Security Training Advantage: INE Security's strong training materials in threat detection and analysis, combined with foundational AI skills, provide professionals with transferable skills applicable to AI security roles Market Opportunity: Represents the highest-growth career opportunity in cybersecurity as organizations deploy AI-powered security tools while defending against AI-enhanced attacks Industry Development: The cybersecurity training industry is scrambling to develop AI security courses to meet skyrocketing demand Cloud Security Engineers: Cloud Security Engineers are integral to organizational resilience as businesses accelerate cloud adoption. With 45% of organizations reporting unfilled cloud security roles and experienced professionals commanding salaries above $155,000 annually, this represents one of the highest-demand technical specializations. AWS Certified Security - Specialty is now recognized as one of the highest-paying technical cloud positions in the world, with an average global salary of $158,594. : Comprehensive cloud certification preparation across AWS, Azure, and Google Cloud platforms with dedicated learning paths for AWS Solutions Architect Associate, AWS SysOps Administrator Associate, Azure Security Engineer Associate (AZ-500), and Azure Administrator Associate (AZ-104) Hands-On Cloud Labs: 130+ hands-on labs specifically designed for cloud security scenarios, plus additional cloud security collections in Skill Dive for real-world practice Security-First Approach: INE Security's "learn by doing" cybersecurity education methodology ensures graduates develop practical cloud security skills that directly address enterprise needs for securing AWS, Azure, and GCP environments Training That Delivers Career Resilience INE Security's approach addresses the intersection of market demand and practical skills development: Immediate Market Entry: Identity security, red team operations, and mobile defense roles offer immediate career opportunities for technically skilled professionals Skills Premium: Organizations investing in cybersecurity education programs are overwhelmingly more likely to retain cybersecurity professionals, according to a 2024 LinkedIn workforce study, directly addressing skills shortages in high-demand technical roles Future-Proofing: As digital transformation accelerates, technical security roles address fundamental infrastructure needs that will intensify through 2026 and beyond Clear ROI: Professionals can immediately contribute to identity security, red team operations, and mobile defense initiatives with hands-on expertise "The convergence of identity threats, sophisticated attacks, and mobile vulnerabilities creates new opportunities for cybersecurity professionals who combine technical depth with practical experience," continued Wallace. "INE Security's strength lies in preparing professionals for roles where hands-on technical skills directly address critical business security needs." About INE Security INE Security is the premier provider of online networking and cybersecurity training and cybersecurity certifications. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security's suite of learning paths and preparation for professional certifications offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training for cybersecurity jobs while also lowering the barriers worldwide for those looking to enter and excel in an IT career. CONTACT: Kathryn Brown INE kbrown@

Forbes

5 days ago

• Forbes

What The Next Iteration Of Cyberattacks Could Look Like

Ankush Chowdhary is a cybersecurity executive and author. He is the vice president and CISO at Hewlett Packard Enterprise. getty Eric, a senior executive, is winding down after a long day, mindlessly scrolling through a social media app. Amid the usual noise, one video catches his eye. She's different. Clever, tuned into his tastes in vintage watches, obscure jazz and dry humor. A comment turns into a thread, then into regular chats. Over the weeks, she becomes a familiar presence. One evening, she sends a message: 'Join me in VR? There's this jazz lounge I think you'd love.' It seems harmless. Maybe even fun. But it's bait. Eric accepts. He enters the virtual lounge, chats with her avatar, laughs and downloads a file supposedly containing backstage photos. He clicks on the file and unknowingly steps into one of the most sophisticated cyberattacks in play today. Eric sleeps soundly. He thinks he's made a harmless new connection online. But the malware hiding in that file has already started working. Here's what it does, and this is where things get disturbing. Attackers scrape hours of your voice from podcasts, calls or videos. With just five minutes of new audio, AI (like Vall-E) clones not just your voice but your cadence, hesitations and tone. Using public footage and VR session data, tools like DeepFaceLab create real-time avatars that mimic your expressions—blinking, nodding, even smirking on Zoom calls. Malware logs keystrokes, mouse movements and screen habits. Attackers replicate how you work, bypassing behavioral biometric security. • Session Hijacking: Stolen cookies and API keys bypass MFA. • Live Impersonation: A deepfake attends meetings, messages colleagues or approves fraudulent transactions. • Undetectable Breaches: Every action looks legitimate—because it's your identity, weaponized. Most cyberattacks we know today rely on technical weaknesses: vulnerable ports, poor password hygiene, unpatched systems. But this new form of attack exploits something more fundamental: human trust. It is psychological, not just technological. A social media app isn't just a content engine—it's a profiling machine. Its algorithm builds a behavioral model from everything you do, including what you pause on, what you comment on, when you swipe. Combined with public content like blog posts and interviews, this allows attackers to create an AI persona that feels eerily tailored. They build an influencer around your interests. Someone who talks about your niche hobbies. Someone who shares your worldview. They interact until it feels real. This is where it stops feeling like an attack and starts feeling like a friendship. The persona shares personal stories. Maybe they are having a bad week. They go into detail about their failed startup. They note their love for the same obscure jazz artist you mentioned. It's fake, but it feels intimate. That reciprocity builds trust. Before any malware shows up, the attacker runs small, low-stakes tests: • 'Hey, can you check if this file opens on Mac?' • 'Mind reviewing this link real quick?' • 'Does this message look like phishing? I know you'd spot it.' These tests measure how much influence they have. Each success lowers your defenses a bit more. Their interactions with you drive up visibility. The more you engage, the more you see them. Soon, they're everywhere in your feed. It's a feedback loop designed to deepen the illusion of connection. Eventually, they become your digital confidant. And you stop questioning their presence. By the time the real ask comes, you don't feel manipulated—you feel seen. The goal isn't to access your account. It's to become you. A cloned voice places a call. A deepfake sits in your meeting. Your Slack messages ask someone to override a safeguard. Your credentials log into the company's cloud. None of it looks suspicious. Because from the outside, it is you. This is the chilling truth: When your identity becomes the weapon, most security tools don't know how to defend against it. They're built to spot intruders. Not replicas. So why is this different? Let's be honest: Traditional phishing was always a numbers game. Spray and pray. This isn't that. This is slow. Personal. Surgical. And in many ways, it's more dangerous because it doesn't look like an attack. Use two-step validation for critical actions. If it involves money, data or elevated access, verify through a different channel—especially if the request feels familiar. Limit public audio and video. Don't overshare. If you don't need to speak at that panel, then don't. Or at least watermark and encrypt the output. Train your teams to expect synthetic attacks. Simulate fake voice calls, videos and messages. Help them recognize not just the tech but the psychological setup behind the bait. Use tools that track more than login data. Look for subtle behavioral shifts in typing speed, mouse paths and application usage patterns that don't match the real person. Move beyond point-in-time authentication. Use ongoing signals to decide if a user remains trustworthy throughout a session. A social media app isn't the villain. But it may be the starting point. Because the next major breach won't be a technical exploit. It'll feel like a conversation with someone who gets you. Someone who remembers your favorite song. Someone who asks about your day. Someone who sends you a file, and you open it. And the only real defense is a new mindset. Trust, once assumed, must now be earned and continuously verified. In the future of cybersecurity, identity is no longer something you prove once. It is something you must protect constantly. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

Business Insider

6 days ago

• Business Insider

My Funding Account Builds a Global Trader Community on Trust, Transparency, and Growth

Katowice, Poland, June 16th, 2025, FinanceWire My Funding Account P.S.A. ('MFA'), a proprietary trading firm based in Poland, has introduced a new operational model that prioritizes trader support and community engagement over traditional contractual structures and profit-first frameworks. Launched by seasoned trader and educator Paweł Grądziuk, MFA is quickly gaining momentum as a prop trading alternative built around fair rules, real support, and human-first principles. As one of the fastest-growing prop trading firms in the region, MFA operates under a mission to remove the financial barriers traditionally associated with entering the trading industry. With over $31 million in fund valuation and a supportive community of traders, the company provides a risk-controlled environment where participants can learn, grow, and profit from real capital, without using personal funds. 'We didn't want to build another trading platform,' said Paweł Grądziuk, CEO of My Funding Account. 'We wanted to build the prop firm we wish existed when we started, one that respects traders and rewards performance, not marketing.' With nearly two decades of experience in the financial markets, Grądziuk created MFA to serve traders with honesty and structure. Today, MFA is more than just a prop firm, it's an ecosystem that blends capital access with community, education, and daily support. MFA isn't just a trading platform. It's a growing ecosystem. With deep roots in the Polish trading education scene through its sister brand All In Traders, MFA connects thousands of traders through: Live Trading Room access and Discord support groups Daily broadcasts, Q&A sessions, and market discussions Educational events including AllInCamp, trader meetups, and webinars Unlike firms that focus only on signups, MFA provides a clear, performance-based path from demo to funded trading, and scaling up to $2,000,000 based on consistency. Interested traders can register for upcoming webinars at and explore trader content on MFA's YouTube Channel The MFA Scaling Program: A Path to Serious Capital MFA's Scaling Program rewards traders for one thing: consistency. Here's how it works: Trading profitably for 4 months with a minimum 1.5% monthly average MFA boosts account size by 25% automatically—no applications or forms Repeating the cycle, scaling up to $2 million in capital This long-term approach helps traders develop sustainable habits while giving them the capital needed to step into pro-level trading. Challenge Plans at a Glance Account sizes from $7,500 to $250,000 90% profit split after verification Max loss tolerance up to 12%, depending on plan Unlimited trading period Minimum 5 trading days Platforms: MT4, Match-Trader, and TradingView Withdrawals processed in as little as 60 minutes (post approval) A Transparent, Human-Driven Team Behind MFA is a real, accessible team of traders, mentors, and support staff, led by CEO Paweł Grądziuk, alongside Vice Presidents Piotr Grądziuk and Jakub Podstawski. With dedicated departments covering finance, legal, customer support, and trader education, MFA operates with real accountability and full transparency. No anonymous profiles. Just people traders can actually talk to. About My Funding Account My Funding Account P.S.A. is a proprietary trading firm headquartered in Katowice, Poland, offering traders a path to funded capital without risking their own funds. With a focus on education, community support, and performance-based funding, MFA provides up to $2 million in scaling capital through its challenge model and long-term trader development programs. The firm is backed by Polish Fundusz Multimedialny S.A. (PFM), a diversified investment holding valued at over $31 million, with a portfolio spanning fintech and digital infrastructure across Europe. This institutional partnership brings financial strength and long-term credibility to MFA's operations, reinforcing its mission to support traders with real opportunities.