Skip to content

Stop reusing passwords: what recent NordPass survey reveals

Inside the 2025 NordPass password reuse survey

To measure just how regular the habit of password reuse remains, NordPass commissioned an independent research team to conduct interviews with 1,727 adults—619 Americans, 605 Britons, and 503 Germans. The questionnaire dug into 3 areas:

  • How often people reuse logins.

  • How many passwords and accounts the habit affects.

  • Why they still do it in 2025.

United States

  • 62% of Americans confess they “often” or “always” reuse a password.

  • The median reuser juggles 3 core passwords that unlock about 5 different accounts.

  • Half say they do it because it is “easier to remember fewer passwords,” and 1 in 3 feel overwhelmed by the sheer number of services they use each month.

  • A troubling 11% see “no significant risk” in repetition—proof that experience, not warnings, drives behavior.

United Kingdom

  • 60% recycle logins.

  • Memory anxiety eclipses convenience: 40% fear they will lock themselves out if every password is unique.

  • Convenience and “too many accounts” tie for second place, and the same 11% shrug off the threat altogether.

Germany

  • 50% reuse passwords, the “best” score but still a coin toss.

  • Convenience is the main motive for 37% of German reusers, with 29% citing account overload.

  • 13% believe repetition is practically harmless.

Taken together, the data say one thing: roughly 57% of consumers across 3 advanced economies still bet on duplicate credentials. That is a majority large enough to keep credential‑stuffing operations profitable for years.

Why people still reuse passwords

Respondents fell into 4 overlapping camps when it came to explaining their password reuse habits:

  • The memorizers. About half of the Americans, 43% of the Britons, and 37% of the Germans who participated in the survey say they reuse passwords because it is “easier to remember fewer passwords.”

  • The overwhelmed. Around 30% in each country cite “too many accounts” to manage different passwords.

  • The anxious. Fear of forgetting unique logins peaks at 40% in the UK, 38% in the US, and 31% in Germany.

  • The skeptics. Between 11% and 13% have never had to deal with the consequences of being breached and assume the risk is overblown.

How cybercriminals take advantage of reused passwords

Reuse turns one leak into a chain reaction. If hackers steal your password from a single site, they can try the same login on every other service you use—email, banking, work apps—until one opens. That’s why password reuse matters. And the criminal economy around stolen logins is on an industrial scale. It moves fast. Once a breach hits the dark web forums and marketplaces, there are multiple ways for bad actors to profit from stolen and reused credentials.

  • Credential stuffing. Attackers equipped with vast quantities of reused credentials load millions of user-password pairs into botnets that fire automated logins. Even a 1% success rate nets thousands of working accounts.

  • Account takeover. A reused password—usually exposed in data breaches—that opens your email inbox lets cyber crooks reset everything else—cloud storage, cryptocurrency wallets, emails, etc. The initial foothold becomes a pivot point into higher‑value targets.

  • Social engineering. With control of social or business accounts, criminals study message history and craft believable requests: “Can you approve this invoice?” or “Forgot to pay the supplier—use this account.” Victims respond because the request comes from what would appear to be a trusted identity.

The role of businesses in preventing password reuse

Companies sit on both ends of the password reuse problem. They must protect their staff from careless habits, and shield customers whose credentials may already be up for sale on the dark web. There are a few ways organizations can tackle the problem.

Reject reused credentials

During the signup or password reset process, the site should check the proposed password against a breach database. If the string has appeared in past leaks—or looks identical to one already on file—the user sees an offer to choose something stronger. Also, embedding a one‑click password generator would remove friction.

Layer authentication

Multi‑factor authentication stops automated takeover even when credentials leak. A growing number now leapfrog passwords altogether by offering FIDO passkeys — device‑bound cryptographic secrets that can’t be reused or phished.

Security training

Companies that run frequent, hands‑on security workshops experience far fewer cases of employees reusing credentials. Demonstrating how quickly a single compromised login can ripple through an entire network makes it clear that password reuse is a very bad habit.

Password manager adoption

Many companies now encourage—or even require—the use of business password managers. When staff have a secure vault for their logins, they’re far less likely to recycle passwords. Most vaults also include built-in password generators that create strong, random strings on demand, taking the guesswork out of crafting robust credentials.

How to stop reusing passwords

To effectively break the habit of password reuse, all you need is a workflow that treats strong, unique credentials as the default rather than the exception. Here are some pointers on how you can do that.

Adopt a password manager

Tools like NordPass generate, sync, and autofill passwords across devices. The user remembers one Master Password; the vault remembers the rest. A built-in Password Generator produces random, high‑entropy strings at the click of a button, eliminating the temptation to ring in the new year with P@ssw0rd2026.

Consider passkeys

A passkey pairs public‑key cryptography with device biometrics, so there’s nothing to type, nothing to forget, and nothing to reuse. Many major platforms already support them; our What is a passkey? explainer walks you through setting one up for the first time. Where passkeys are unavailable, turn on MFA to add a second check that attackers can’t guess from a breached list.

Audit dormant accounts

Old forums, shopping sites you used once for a novelty gift, that abandoned fitness‑tracking app—each is a latent vulnerability if it shares credentials with active services. Close the account, or at least reset the password to something unique. Browse our annual list of the most common passwords for inspiration on what not to choose.

Final thoughts

Password reuse thrives on short‑term convenience and long‑term optimism. Our survey shows that 57% of users in 3 mature digital economies still rely on that optimism, even as criminals industrialize credential theft. The cure is hardly exotic: password managers, layered authentication, and a realistic assessment of risk. Breaking the habit doesn’t demand perfect vigilance, but rather a willingness to trade poor memory tricks for purpose‑built tools.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

The Overlooked Vulnerabilities of the DNS Protocol: What is DNS Tunneling?

What is DNS Tunneling and How Does It Work?

DNS is often called the “phonebook of the internet,” translating human-friendly domain names into IP addresses. Under normal conditions, a DNS query contains only the information needed to resolve a hostname to an IP address. DNS tunneling exploits this protocol by inserting arbitrary data into DNS queries and responses, effectively encoding other communications within the DNS traffic . In a typical DNS tunnel, an attacker sets up a malicious domain and an authoritative DNS server for that domain. Malware or a compromised device inside the target network will then encode data (e.g. stolen information or command-and-control messages) into DNS queries for subdomains of the attacker’s domain . These queries travel as normal DNS requests through the organization’s DNS servers and resolvers, eventually reaching the attacker’s authoritative DNS server, which decodes the hidden data. The attacker’s server can likewise encode responses to send commands or data back to the compromised system. In essence, DNS tunneling establishes a covert, bidirectional channel over DNS, a channel that most network defenses don’t inspect closely, since DNS is usually viewed as benign name resolution traffic.

DNS tunneling represents a critical, yet often underestimated, vulnerability within the DNS protocol. In this first part of our series, we explored what DNS tunneling is, how it operates by exploiting legitimate DNS requests, and the differences between normal DNS traffic flows and tunneled traffic. We also reviewed some of the open-source tools commonly used to facilitate DNS tunneling, highlighting how accessible and adaptable these methods have become.

From a technical standpoint, DNS tunneling works by encoding data from other protocols or applications into DNS messages . For example, an infected client might take a chunk of payload, say part of a file or a command, base32 or base64 encode it, and append it as a subdomain in a DNS query (e.g. <encoded-data>.malicious-domain.com). When the organization’s DNS resolver receives this query, it thinks it’s a normal lookup for an external domain and forwards it to a public DNS resolver, which in turn asks the attacker’s authoritative name server. The authoritative server, controlled by the attacker, receives the query, decodes the data from the subdomain, and may respond with a DNS answer that also contains encoded data in a TXT record or in the field of an A record. The compromised client then decodes that data from the DNS answer. In this way, the attacker and malware establish a two-way communication tunnel hidden inside DNS traffic. Practically any type of data can be tunneled, attackers can exfiltrate sensitive files in small chunks, or send commands to a backdoor implant, all obscured as DNS queries and replies.

Because DNS is such a fundamental service, it is almost always allowed to operate freely. Most DNS queries use UDP on port 53 with fallback to TCP for large responses, and this port is typically open through firewalls and allowed on almost every network . Attackers leverage this by sending their malicious traffic over DNS, knowing that it will bypass many restrictions that would stop other channels. In summary, DNS tunneling repurposes a ubiquitous infrastructure protocol for covert communication. Next, we’ll examine why this technique is so dangerous for companies.

Open-Source DNS Tunneling Tools and Their Capabilities

There are several open-source tools that implement DNS tunneling, each with its own features and use-cases. These tools are often used by penetration testers to bypass captive portals or by attackers to establish C2 channels. Below is a list of some well-known DNS tunneling tools and a comparison of their functionality:

Each of the DNS tunneling-specific tools above can be used maliciously to bypass network defenses. Notably, they are all freely available, lowering the barrier for attackers. Next, we will visualize how normal DNS traffic flows in a network versus how a DNS tunneling attack leverages that flow for illegitimate purposes.

Normal DNS Traffic Flow vs. DNS Tunneling

To better understand DNS tunneling, it’s helpful to contrast it with normal DNS resolution. Figure 1 shows a simplified normal DNS query flow within an organization, while Figure 2 illustrates a DNS tunneling scenario (malicious flow). We will describe each in turn:

In a typical corporate network, clients (user workstations or devices) send DNS queries to a local DNS server (often an internal DNS or one provided by the organization). This DNS server is within the company’s network perimeter, protected by the firewall, and will resolve names on behalf of clients. If the local DNS server doesn’t know the answer (the domain is external), it will forward the query out through the firewall to a public DNS resolver (such as an ISP’s resolver or a service like Google DNS). The firewall permits these DNS requests (UDP/53) to pass because DNS is necessary for connectivity. The public resolver then performs the recursive resolution: it contacts the appropriate authoritative DNS servers for the domain in question. For example, if the client is resolving example.com, the resolver will query the root servers, then the .com TLD servers, and finally the authoritative server for example.com to get the IP address. The answer (the resolved IP) comes back from the authoritative DNS server to the public resolver, and then back through the firewall to the company’s DNS server, and finally to the client. All of this happens in the background within milliseconds, enabling the client to connect to the desired host. In the normal flow, all DNS queries are for legitimate hostnames and the responses are IP addresses or other genuine DNS records. The key point is that the authoritative servers involved belong to the real owners of the domains being queried (e.g., the authoritative server for google.com is Google’s DNS server). The DNS traffic contents are just domain names and IP addresses, no hidden messages.

DNS Traffic Flow Diagram

Now consider a scenario where malware inside the network is performing DNS tunneling. The setup looks similar on the surface, the client still queries the internal DNS server, which forwards the query out to a public resolver, and an authoritative server eventually provides an answer. The crucial difference is the query itself and the ownership of the authoritative server. In a DNS tunneling attack, the attacker has registered a domain, say, attacker-domain.com, and set up an authoritative name server (NS) for it under their control (red server in the diagram). The malware doesn’t ask for something like login.microsoft.com; instead it queries a subdomain that encodes data, such as abcd1234.attacker-domain.com, where abcd1234 is encoded stolen data or a command. This query goes to the company DNS server, then out to the public resolver. The public resolver sees that the query is for attacker-domain.com and thus needs to go to that domain’s name server, which is the attacker’s malicious DNS server. The query reaches the attacker’s DNS server, which recognizes the encoded data (the abcd1234 subdomain) as part of the secret communications. It then formulates a DNS answer. For example, it might return a TXT record for abcd1234.attacker-domain.com with some encoded content, perhaps the next chunk of exfiltrated data, or the instruction “OK” for the malware to proceed. That answer travels back to the public resolver, through the firewall, into the company DNS, and back to the malware client. To any intermediate observer, this was just a DNS lookup for an external domain. However, in reality the DNS query/response carried hidden information. The authoritative server in this case is the attacker’s server (not a legitimate one), so the attacker can respond with anything. Essentially, the firewall and public DNS see a query to an innocuously named domain and allow it, not realizing it’s a Trojan horse carrying data out. Over time, the malware will keep sending these queries to carry chunks of data or to poll for commands. The attacker’s name server will keep responding with the necessary info encoded in DNS responses. This covert communication can continue as long as the DNS traffic is not detected as abnormal. A few characteristics of malicious DNS tunneling traffic (as in Figure 2) contrast with normal DNS (Figure 1): the queries often contain long, random-looking subdomains (since they carry binary data encoded as text), the queried domain is often one that nobody in the organization would normally use, and the frequency of queries might be high (to send more data) or at odd intervals. These anomalies can be used to detect tunneling, which we’ll discuss next. But without specific DNS monitoring, those differences can easily be missed, allowing the tunneling to run unhindered.

DNS Tunnel Diagram

In the following parts of this series, we will dive deeper into why DNS tunneling is so dangerous for businesses and organizations, and why it remains relatively easy to execute even today. Understanding these risks is crucial for building a comprehensive cybersecurity defense.

To stay ahead of these threats, we invite you to start a free trial of SafeDNS today. Our advanced Protective DNS solution helps detect and block DNS tunneling activities, safeguarding your network and devices from covert attacks. Don’t wait until it’s too late. Secure your infrastructure with SafeDNS now.




About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

The changing DNA of organized crime in Europe: key insights from the 2025 EU-SOCTA

Organized crime is no longer out on the streets—it has seeped into the very fiber cables that keep the internet running, creating new hybrid and wholly virtual threats that require unprecedented strategies to tackle. In March, Europol published the 2025 EU Serious and Organized Crime Threat Assessment, or the EU-SOCTA. It revealed that the DNA of organized crime has been undergoing serious shifts, posing threats that may be more dangerous and destabilizing than ever before.

EU-SOCTA 2025 at a glance

The EU-SOCTA is a report issued by Europol every 4 years that assesses serious and organized crime activities in the EU and the evolution of criminal tendencies and practices. It serves as the foundation for the EU’s strategic approach toward tackling serious and organized crime.

The data is extracted from Europol’s investigations and contributions from other law enforcement partners around the globe. The EU-SOCTA helps decision-makers, whether at the governmental, business, or individual level, to set priorities and to effectively prepare for and combat serious threats.

Europol is the EU’s law enforcement agency, focusing on combating serious international crime and terrorism in all Member States. It collaborates with other EU agencies and international partners to strengthen global security cooperation and share intelligence on ongoing threats.

For the 2025 assessment, Europol gathered data from thousands of law enforcement investigations and used the expertise of EU agencies and international organizations to create the most comprehensive analysis of serious and organized crime to date.

Destabilizing the Union

The 2025 EU-SOCTA makes it clear—as the world evolves, so does the DNA of organized and serious crime. The online space has become its new home and facilitator, as criminals increasingly rely on the internet to conduct their activities.

Switching their primary headquarters to the digital world—spaces like the dark web, social media platforms, and e-commerce sites—allows criminals to utilize digital tools for more malicious attacks. Developments in the tech world facilitate speedier execution on a larger scale and make it harder to track down perpetrators, particularly those relying on decentralized blockchain systems.

The report names the destabilization of the EU as one of the biggest threats posed by serious and organized crime. Criminal organizations aim to reduce trust in the legal system and government through the spreading of violence, illicit proceeds, and corruption. They rely on digital innovations like AI to conceal their activities and make it harder to trace crime back to its source.

The offender profile: younger and more violent than before

As the way the crimes are committed shifts, so does the profile of the criminal. As the 2025-SOCTA reveals, the criminals are becoming younger, more tech-savvy, and more brutal than before. In an interview with NordPass in 2024, Adrianus Warmenhoven mentioned that people working for cybercriminals may not know the nature of their work, instead assuming they’re hired as IT consultants.

The report notes the exploitation of younger perpetrators to conduct illegal trade and commit crimes for a reward. Young recruits—including minors—are preferred as they’re more willing to conduct illicit activities without financial reward. Blackmail is often used to maintain this working relationship.

Criminals use end-to-end communication services to plan and execute their attacks. Encrypted channels make it harder to intercept communication and offer anonymity, IP obfuscation, rotating IDs, or automatic message deletion after a set period of time.

One aspect remains largely unchanged: financial interest. Criminal networks use illicit means to fund their operations, whether via corruption or money laundering. Some may be working for hire, receiving funding from larger organizations to disrupt society and conduct their activities.

Part of the shift is relying less on legal tender and more on cryptocurrencies to funnel illicit funds. Cybercriminals use blockchain technology to transfer the money as crypto, making it harder for investigators to track down or recover. Crypto technology has also been combined with malware to bolster cryptojacking, a type of attack where a device is infected and hijacked to be used as a crypto mining machine.

Threat actors tend to start with smaller misdemeanors, building up the damage over time, leading to the so-called woodpecker effect. By acting small at first, they make it harder to see the bigger picture and prevent illicit actions in the early stages of organized attacks.

As these acts grow in scale, so does the use of violence. The report notes that violence related to organized crime has spilled over into public places, with a new service model emerging. Violence-as-a-service sees actors working with state agents or criminal organizations to promote and provoke violence in EU Member States and outside their borders. It involves both physical and digital activities, such as extortion, blackmail, and psychological violence.

Hybridizing crime: the online spills into the offline

The report’s title, “The changing DNA of serious and organized crime,” hints at the big shift over the years as new types of hybrid threats emerge, mixing a variety of criminal activities to maximize profits and success rates.

Europol notes a close link between the increasingly hybrid nature of serious and organized crime and recent geopolitical tensions. The intersection of online and offline criminal activities, technological advancements, and the role of state and ideological actors in these crimes create more dangerous threats and unprecedented challenges.

For criminals, each technological development is a new opportunity to increase their toolkit and create new, unpredictable threats. The internet has done a massive service to cybercriminals, who now rely on the dark web or decentralized blockchain networks to obfuscate their activities, infiltrate their targets, and participate in illegal data trades.

Some serious crimes aren’t even conducted offline anymore—every step, from the initial idea to its execution, is 100% online. In fact, Europol notes that nearly all forms of serious and organized crime have a digital footprint.

Through hybridization, criminal networks act more as proxies on behalf of other organizations or even hostile states to destabilize the EU and weaken its economy. The report lists fraud, child sexual exploitation, migrant smuggling, cyberattacks, waste crime, and trafficking of illicit goods and weapons as some of the key activities facilitated by hybrid threat actors.

Cybercrime expertise has become a requirement. Ransomware attacks have proven to be profitable, targeting high-profile businesses or government agencies. Such attacks can impact essential services, particularly those in the public sector, further sowing distrust in institutions.

The (continuous) emergence of artificial intelligence

As with seemingly all things tech lately, AI is the name of the cybercrime game. Europol lists AI developments and quantum computing among the potential accelerators for serious and organized crime, particularly given the rapid developments in these fields.

Despite their relative novelty, AI systems like large language models (LLM) and generative AI have already been put to practical use by criminal networks. Through AI tools, criminals can improve their efficiency, act more seamlessly, and perform operations that are harder to prevent or combat.

Generative AI, in particular, has been helpful thanks to its low entry level. Any criminal can put in a prompt to create a script in their chosen language, which can then be used for spoofing, creating deepfake materials, or otherwise facilitating illicit activities. AI-powered voice notes and video materials pose a high risk of identity theft.

AI has also broadened the scope of attacks even further. Although online attacks were already far-reaching, AI requires fewer resources than previously observed. Some cybercriminals have been utilizing AI to brute-force more complex passwords, making credentials that were previously considered relatively resistant to threats vulnerable.

Although quantum computing is still relatively theoretical, criminals already operate with the anticipation of its eventual practical application. Access to quantum computing may pave the way for more efficient and sophisticated decryption technology, which would make data currently protected by encryption algorithms easier to breach.

The timeliness of AI is both its advantage and its downside for criminals. Its applicability is still relatively limited, and if illicit AI use increases, developers will likely implement preventative measures. Legislation will catch up, too, as legal entities are already starting to implement policies that regulate AI usage.

For-profit cybercrime flourishes

Europol notes the emergence of crime-as-a-service, where criminals act as corruption brokers and use digital tools for profit-driven operations. Corruption remains one of the biggest threats to businesses and government institutions, “embedded in the very DNA of crime.” Due to its massive impact on economic systems, corruption is interspersed in practically every form of serious and organized crime.

Criminals rely heavily on money laundering to procure funds. The infiltration of legitimate funds for money laundering is high-risk, high-reward. Transactions require an intricate system of hard-to-trace financial systems. However, the biggest operations can generate as much as billions of euros, making them an intrinsic part of serious and organized crime.

Crime-as-a-service is favored by state actors. It can help sanctioned states circumvent financial embargoes. In exchange for illicit services, criminals may receive a safe haven in the state that hired them. Criminals—particularly those working fully online—receive access to resources funded by the state to conduct disinformation campaigns or supply chain disruptions. This grants state actors plausible deniability, as attacks are conducted by proxy, and the state’s involvement may be too obscure to be proven.

Social media accounts have also been broadly utilized for serious and organized crime, especially on political grounds. Criminals may create fake social media accounts—often referred to as troll farms—to spread misinformation or propaganda, manipulate the newsfeed, and further instill doubt and confusion.

Cash-intensive businesses are the target

Although it may appear that government agencies are all criminals care about, small and medium-sized businesses are just as lucrative as targets for serious and organized crime. In fact, the report lists business email compromise fraud as one of the most effective ways to extract data.

According to the EU-SOCTA, all business sectors are potentially at risk of being infiltrated or exploited by criminals. However, the 3 most affected sectors are construction and real estate, hospitality, and logistics.

In some cases, data holds more value than money. It’s treated as a commodity and is at the forefront of illicit trade. Its value is in its reusability. Possession of valuable information puts a massive target on the potential victims’ backs. If stolen, strategically important data can be sold for espionage, economic advantage, or used for coercion.

Large-scale data breaches often involve login credentials dating 5 years back or older. This puts breached organizations in a particularly vulnerable situation—they may not know that their data has been compromised until years later, when a folder containing terabytes of sensitive information suddenly appears on a dark web forum.

Europol emphasizes that protecting the victims is essential to successfully tackling serious and organized crime. One key way to achieve this is cutting off the funding source for serious and organized crime at its root. Although recovering assets can be complicated, shutting criminals out from accessing them in the first place has proven to be effective. Asset recovery has proven to deter cybercriminals from pursuing further operations, as they can’t reintegrate stolen assets into the mainstream economy.

How can you improve digital defenses against serious and organized crime?

The 3 core pillars of the new DNA of serious and organized crime are:

  • Destabilization of society through illicit proceeds and the use of proxies.

  • Nurturing of crime in online spaces.

  • Acceleration of crime thanks to AI and other emerging technologies.

The 2025 EU-SOCTA can paint a grim first impression of the current threat landscape. However, the situation is not hopeless. This research doesn’t just help Europol discover malicious agents faster and with more precision—it indicates the potential future trends, allowing businesses and individuals alike to prepare for evolving risks.

For businesses concerned about serious and organized crime, one of the best ways to stay protected is to conduct transparent operations in accordance with legal requirements and compliance policies, such as ISO-27001, NIST, or NIS2. Upon detecting suspicious activities that could be caused by serious and organized crime actors, companies should contact their legal authorities immediately.

Employee education also goes a long way. Ensure your organization is practicing proper digital hygiene and adhering to a strong and flexible password policy and secure credential usage and sharing norms. Keep your team aware of emerging threats, common scam tactics, and risks posed by AI-powered technologies.

Hybrid problems require hybrid solutions, and Nord Security offers you exactly that. Start proofing your business against complex cybercrimes with a custom-tailored cybersecurity bundle of NordPass, NordStellar, and NordLayer.

  • NordPass is a password manager that helps organizations handle and share sensitive data without compromising its integrity.

  • NordLayer is a network security, threat detection, and response platform that integrates seamlessly with any technology stack.

  • NordStellar is a threat exposure management platform that monitors the dark web, helping organizations stay ahead of cyber threats.

 

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Portnox Named Best Solution for Network Access Control at 2025 RSA Conference

Portnox honored with a Global InfoSec Award for its Network Access Control solution.

 

AUSTIN, TX – April 29, 2025 – Portnox, a leading provider of cloud-native, zero trust access control solutions, today announced its Network Access Control (NAC) was named Best Solution for Network Access Control by Cyber Defense Magazine’s Global InfoSec Awards. The award was announced at the 2025 RSA Conference, taking place this week in San Francisco, CA.

In 2024, Portnox was named “Best Next Gen Network Access Control” in the Global InfoSec Awards and the winner of the Cutting Edge Network Access Control category in the InfoSec Innovator Awards.

“We are incredibly proud to receive this top honor for our Network Access Control solution,” said Denny LeCompte, CEO of Portnox. “This award further solidifies our position as the leader in cloud-native NAC, proving that organizations can achieve robust security without the complexities and burdens of traditional hardware-based solutions. The Portnox Cloud is truly revolutionizing how businesses secure their networks.”

Portnox’s cloud-native zero trust Network Access Control (NAC) solution boasts no on-site hardware, no on-going maintenance, and no management hassles. The platform is tailor-made for resource-constrained IT security teams operating across a highly distributed corporate network.

“We scoured the globe looking for cybersecurity innovators that could make a huge difference and potentially help turn the tide against the exponential growth in cyber-crime. Portnox is absolutely worthy of this coveted award and consideration for deployment in your environment,” said Yan Ross, Global Editor of Cyber Defense Magazine.

The complete list of 2025 Global InfoSec Awards winners is located here: http://www.cyberdefenseawards.com/.

 

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Keepit named champion in Canalys Managed BDR Leadership Matrix 2025

Keepit recognized for its leading SaaS backup and recovery solution by channel partners and Canalys analysts

Copenhagen, Denmark — April 30, 2025 — Keepit, the world’s only independent, cloud-native data protection, backup and recovery platform provider, today announced it’s been named champion in the Canalys Managed BDR Leadership Matrix 2025. Since 2024, the Keepit Partner Network has been empowering channel partners through its leading SaaS backup and recovery solutions.

Companies labeled “Champions” in the Canalys Managed BDR Leadership Matrix 2025  demonstrate the highest levels of excellence in channel and technology capability over the previous 12 months compared with their industry peers, as rated by channel partners and Canalys analysts.

“Keepit’s evolution to Champion in the Matrix has come as a result of its investment in the channel, geographical expansion, positive MSP feedback, and product advancements,” said Robin Ody, Principal Analyst at Canalys. “In 2024, Keepit launched its Partner Network, appointed a new Chief Product Officer to oversee SaaS data protection, built relationships with cloud marketplace distributors, and expanded its global infrastructure. The company consistently provides high-value content for MSPs (Managed Service Providers) —including assets and webinars focused on cyber resiliency, cyber insurance, and compliance strategies—which are well received and impactful.”

“Our channel partners are facing challenges that demand secure and reliable backup and recovery solutions. Keepit’s offering supports MSPs to expand their portfolios to include an intelligent backup solution that ensures cyber resilience and business continuity, while providing a local partner with global presence,” says Liz Barnhart, Vice President, Global Strategic Alliances at Keepit.

Backup and disaster recovery are critical to MSP platform strategies

In today’s environment of growing ransomware threats, stricter regulations, rising cyber-insurance requirements, and increasingly complex SaaS stacks, backup and disaster recovery have become essential. MSPs are on the frontlines, and vendors that offer integrated backup solutions are better positioned to build strong MSP platform plays—especially when complementing cybersecurity and remote monitoring and management (RMM) offerings.

The Keepit Partner Network supports MSPs’ growth

Launched in January 2024, the Keepit Partner Network reflects Keepit’s deep commitment to empowering resellers, MSPs, and distributors through a “partner first” strategy. Now active across the Americas, EMEA, and ANZ, the program is designed to help MSPs drive business growth, increase gross profit, and expand service portfolios with offerings focused on cyber readiness, data recovery, regulatory compliance (including NIS2, DORA and GDPR), and more.

Keepit’s unique, vendor-independent architecture—driven by fully self-managed software and infrastructure, with no sub-processors—continues to be in high demand among both partners and customers. By storing data in local data centers across the Americas, Europe, the UK, and Australia, Keepit enables customers to meet data sovereignty requirements within their regulatory region—independently of Privacy Shield agreements.

 

Download the report

 

Defining data governance and data classification

So, what is data governance and how does it relate to cyber resilience?

Existing under the broad umbrella of data management, data governance is a program — implemented via policies and standards — intended to ensure the availability, quality, and security of an organization’s data in accordance with applicable regulations and obligations (e.g., adhering to industry standards, fulfilling requirements for certifications, etc.).

Within data governance, data classification is the process of separating and organizing data into relevant groups (“classes”) based on their shared characteristics, such as the level of sensitivity, risks they present, and the compliance regulations that protect them.

Data governance underpins cyber resilience plans

An intelligent data governance program delivers several beneficial outcomes for organizations:

  • It helps to ensure the availability, quality, and security of an organization’s data, making it a foundational pillar of business continuity.
  • Data governance helps improve overall data accuracy and impacts outcomes based on that data — which can range from comparatively simple day-to-day business decisions and operations to more complex, forward-looking initiatives including AI-focused programs.
  • It helps to support organizational efforts to comply with regulations and other obligations, making it a cornerstone of compliance.
  • An effective data governance program also permeates the entire organization, increasing data literacy, data accessibility, and data scalability.

Do you know where your data is?

Of course, disaster recovery planning cannot start without a clear understanding and mapping of your data and its significance to your business. What data is crucial for us to continue running our operations? Who needs access to which data to do their job? Where do we store all of this critical data?

Knowing the answers to these questions will start your journey towards ensuring continuity in cases of data loss or cyberattacks. This is achieved through an efficient and effective data governance framework.

I hope that, with our new report in hand, CISOs and CIOs will be able to future-proof their modern, data-driven enterprises through effective data governance.

About Keepit’s new report, “Intelligent data governance: Why taking control of your data is key for operational continuity and innovation.”

Our report takes a practical approach to data governance by offering a resource to organizations for creating or adopting a framework that works best for them.

Key takeaways from the report:

-Major trends shaping enterprise IT

-The importance of “always-on” data

-Resilience against data loss and corruption

-Data governance as an investment

-A practical approach to data governance

-10 questions for board discussions

Get the full report

Data governanceCyber resilienceData protectionIT leadership

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×