Last year the Verizon Data Breach Investigations Report found that “81% of hacking-related breaches leveraged either stolen and/or weak passwords.” This shouldn’t come as a surprise. Companies have been investing in perimeter defenses for years. The best way for hackers to circumvent these network controls is to use legitimate credentials to authenticate themselves. Protecting against these attacks is a challenge, but there are several things your organization can do to reduce your risk.
As we have all likely heard, passwords are really not very secure these days; some would say they never have been. If you must use passwords, hopefully you take a few simple steps to make them more secure, such as making them long (12-30 characters) and complex (odd characters and no patterns). Perhaps you are using a generator to make them random and avoid dictionary words, pets’ or significant others’ names. If you’re striving for extra security you may have enabled second-factor authentication, to ensure you’ll receive a text, email, or other confirmation on a device you will likely have on you.
Recently, social media giant Facebook announced that they are providing, free of charge, code to allow app developers to implement delegated account recovery. This is effectively a more elegant replacement for the traditional “security questions” approach to resetting a password, which historically has required the user to set up a series of questions that (ostensibly) only they know the answer to. However, a Microsoft survey from several years ago already identified that over 10% of those supposedly “secret” questions could be answered within five guesses by nearly anyone, and that participants forgot 20% of their security question responses within six months.
We’ve recently written a number of posts about the role that passwords and strong authentication methods play in security. Locking down logins and implementing access controls has long been a cornerstone of information security. Most information security professionals understand the factors that make passwords strong. For a quick refresher, check out our recent post on the subject. In short, a strong password is typically very long; includes numbers, mixed case, and special characters; includes no words or discernible patterns and is definitely not your pet’s name. You should also never reuse the password or use the same password across multiple systems.
Passwords may be one of the most misunderstood elements of network security. The critical importance of the role passwords play in thwarting cybersecurity breaches cannot be downplayed or understated. Weak passwords undermine a company’s network. One of the key points of security tools, such as network security monitoring, is to flag unusual (and therefore suspicious) activity on an organization's computer systems. If passwords are so simplistic that hackers can guess them correctly in a normal number of attempts, then cybersecurity software is much less likely to notice and flag these cybercriminals' efforts.
Cybersecurity failures are so frequent that they even happen to individuals we'd expect to have taken better precautions. That's certainly the case with Facebook founder Mark Zuckerberg, whose social media accounts were hacked due to a poor password. The breach illustrates two common mistakes that many users make when creating account passwords, and why passwords are a crucial part of endpoint security.
In an industry that's constantly evolving, it can be a challenge to stay on top of recent trends. Following cybersecurity news sites and blogs can help educate you about current happenings, but what about the bigger picture? We've rounded up six online videos that cybersecurity professionals should watch in order to become better informed about today's most pressing cybersecurity issues.
Passwords are a crucial element in network security, but their importance is often misunderstood. One of the key points of security tools such as network security monitoring is to flag unusual (and therefore suspicious) activity on an organization's computer systems. If passwords are so easy for hackers to guess that they can obtain them in a normal number of attempts, then cybersecurity software is less likely to notice criminals' efforts. But even businesses that do not rely on advanced security tools can still benefit from strengthening their password practices. The following is some basic advice on passwords. But first, a look at the problems.
Employees are the lifeblood of an organization, and if they neglect good cybersecurity practices, the company's overall cyber defenses are weakened. Here are three common cybersecurity mistakes employees make—and the best ways to address them.
1. Falling for Phishing
Phishing may be a common scam, but employees are still falling for it. Between late 2013 and August 2015, the FBI found that more than 7,000 U.S. companies were victimized by business email scams—with total losses exceeding $740 million. A single well-written phishing email can confuse employees into clicking a fraudulent link that installs malware on company machines, or can trick accountants into wiring money into false bank accounts purportedly owned by company executives traveling overseas.
Dealing with a security breach is like a police officer drawing his or her gun: in all likelihood, you’ll go your whole career without having to do it. But regardless of the unlikelihood, you need to be prepared.
We have come up with seven steps you should take if ever you discover you have been hacked and your company’s data has been compromised.