taitunicnews_Cyber Security today

-

 

 & Access

Why Better Password Hygiene Should Be Part of Your New Year's Resolution





The world has 






By Torsten George on November 25, 2020


Organizations Must Assume That Bad Actors Are Already in Their Networks

The world has been faced with numerous life lessons in 2020, but it’s clear that millions of people still haven’t learned one of the most basic when it comes to security. A new reportt from NordPass has revealed that millions of people still haven’t broken the habit of using easy-to-remember, but easy-to-hack passwords. Of the 200 most common passwords, ‘123456’ took the number one spot again, but unfortunately for the more than two million people using it, it can be broken in less than a second. Other popular passwords included ‘iloveyou’ and the ever-so-creative ‘password’. When it comes to breaches, all roads still lead to identity. Hackers don’t hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s critical that everyone put password hygiene at the top of their New Year’s resolutions list. 

Despite all the new technologies, strategies, and artificial intelligence being employed by security experts and threat actors alike, one thing remains constant: the human element. As humans we’re fallible — a fact that threat actors frequently exploit when launching phishing and social engineering campaigns to establish a foothold in their victim’s IT environment.

The reality is that many breaches can be prevented by some of the most basic cyber hygiene practices. Yet most organizations continue to invest the largest chunk of their security budget on protecting the network perimeter rather than focusing on establishing key identity-related security controls. In fact, a recent study by the Identity Defined Security Alliance (IDSA) reveals credential-based data breaches are both ubiquitous (94% of survey respondents experienced an identity-related attack) and highly preventable (99%).

Today’s economic climate exacerbates these cyber risks and the impact of the COVID-19 epidemic has led to an acceleration in digital transformation and technical change that will further stress-test organizations’ identity and access management practices. This creates new challenges in minimizing access-related risks across traditional datacenters, cloud, and DevOps environments. So, what can be done to minimize credential-based data breaches

Consumers and businesses alike must abandon static passwords and recognize that multi-factor authentication (MFA) is the lowest hanging fruit for protecting against compromised credentials. This approach requires an extra step to verify an identity beyond a username and password using something the user knows (such as a text code), something they have (such as a smartphone), or something they are (such as a face or fingerprint scan).

Individuals should use password managers. A password manager is an easy way to ensure employees are using complex passwords. Some solutions will also advise the user if one of the passwords has potentially been compromised in a data breach and prompt them to change it immediately.

For enterprises, less is more. Instead of pouring more money into a shotgun approach to security, organizations should pursue a strategy oriented on purchasing the highest reward tools. Since privileged access is now a leading attack vector, that is where the smart money should be going. If we assume hackers are already in the network, does it make sense to spend more money hardening the perimeter, or rather on restricting movement inside the network?

The existence of privileged access carries significant risk, and even with privileged access management (PAM) tools in place, the residual risk of users with standing privileges remains high. In turn, organizations must adopt a “Zero Trust” approach. Zero Trust means trusting no one – not even known users or devices – until they have been verified and validated. An identity-centric security approach based on Zero Trust principles re-establishes trust, and then grants just-in-time least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.

Ultimately, organizations must assume that bad actors are already in their networks. And consumers must realize they’re constant targets. In 2021, companies across all industries should consider moving to a Zero Trust approach, powered by additional security measures such as MFA and zero standing privileges, to stay ahead of the security curve and leave passwords behind for good.

Related: The (Re-)Emergence of Zero Trust

RelatedNIST's Zero Trust Taxonomy Introduces Components, Threats and Migration Routes

Torsten George is currently a cyber security evangelist at Centrify, which helps organizations secure privileged access across hybrid and multi-cloud environments. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 25 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).
Previous Columns by Torsten George:
Why Better Password Hygiene Should Be Part of Your New Year's Resolutions
Three Critical Threats on the Horizon You Need to Prepare For
Takeaways From the Shopify Hack
The Evolution of Phishing: Welcome "Vishing"
Takeaways From the "CryptoForHealth" Twitter Hack
Tags: 

Comments

Post a Comment

Popular posts from this blog

Stamford Bridge Collapse at Goodison Park as Everyone defeat Chelsea to end a long.....

-
Image
  Everton end Chelsea's long unbeaten run Chelsea spurned the chance to go top of the Premier League as Gylfi Sigurdsson's penalty earned Everton a vital 1-0 win in front of 2,000 fans at Goodison Park. A first defeat in 18 games, excluding penalty shootouts, leaves Frank Lampard's men still two points adrift of Tottenham and Liverpool at the top of the table. They can extend that advantage to five points when they are in action on Sunday. Victory lifts Everton up to seventh and within just one point of the top four. Reece James and Mason Mount hit the post for the visitors, but they were made to pay for one rash moment from goalkeeper Edouard Mendy as he bundled over Dominic Calvert-Lewin and Sigurdsson coolly slotted home the resultant spot-kick. A £220 million ($291 million) spending spree had seemingly transformed Chelsea into title contenders, but the Blues badly missed the creativity of the injured Hakim Ziyech and Christian Pulisic to break Everton down once the Toff
Read more

Road Block in Armenia

-
Image
  Hundreds block streets in Armenia after PM ignores deadline to step down demonstrators blocked streets in Armenia's capital on Tuesday to mark the start of a protest campaign after Prime Minister Nikol Pashinyan ignored their call to step down over a ceasefire deal struck with Azerbaijan. Hundreds chanted "Nikol, traitor" and "Armenia without Nikol" in the streets of Yerevan, answering an opposition call to protest after a deadline of midday Tuesday set by the opposition for Pashinyan to quit passed with him still in power. Pashinyan, who swept to power in a peaceful revolution in May 2018, accepted a Russian-brokered ceasefire deal last month to end a bloody conflict between Azerbaijan and ethnic Armenian forces over the Nagorno-Karabkh enclave and surrounding areas. Pashinyan's opponents want him out over what they say was his disastrous handling of the six-week conflict that handed Azerbaijan territorial gains. Pashinyan has accepted responsibility for
Read more

Salah Kisses Covid-19

-
Image
  FOOTBALL Goal of the year? Defender scores 'miraculous' scissor kick SPORT Philip Rivers surpasses Dan Marino on the NFL's all-time passing list GOLF 'I did everything well today': Tiger off to a fine start at the Masters FOOTBALL Diego Maradona discharged from clinic following successful brain surgery SPORT Cyclist Dylan Groenewegen given nine-month suspension after Tour of Poland crash FOOTBALL English football chief Greg Clarke steps down following backlash for using the term 'colored' GOLF 'Maybe the greatest golf shot you'll ever see': Jon Rahm skips ball across pond in amazing hole-in-one at the Masters FOOTBALL Soccer's 'brain disease' ticking time bomb MOTORSPORT Lewis Hamilton is 'much prouder' of his push for equality than his fight for a seventh F1 title GOLF Gigantic alligator spotted roaming Florida golf course Mohamed Salah tests positive for coronavirus, Egyptian Football Association says By Matias Grez, CNN U
Read more