The largest single threat to the cyber security of Gibraltar is passwords, and in particular the inadequate use of sensible password schemes in a number of public and private sector organisations. A few years ago the UK’s National Cyber Security Centre said that organisations needed to update their approach to passwords and published a lot of very good information on how to do this. This information is available here.
As our founder, Peter Bassill, pointed out during one of his CISO council meets at Microsoft back in 2006, the whole paradigm of passwords is dead. If a password is fewer than 12 characters long it is next to useless. As he pointed out, forget complexity and use length: ideally at least three words put together to form a memorable phrase. That is exactly what the NCSC is recommending organisations do.