Stolen passwords are the leading cause of hacking-related data breaches. To discuss what can be done to mitigate this security vulnerability, Identity Week spoke with Steve Tout, CEO of VeriClouds.
The security of your entire network is only as good as your least secure server. Relegating the Unix/Linux infrastructure to any lesser status creates the attack surface that hackers are looking to exploit.
The goal of any security program is to stop or mitigate a threat. To resolve the administrative credentials security threat, you must regularly change the administrator passwords and make each password unique.
What’s trending in the cyber security industry? Identity Week sat down recently with Jonathan Sander, VP of Product Strategy at Lieberman Software and veteran cyber security expert, to discuss insider attacks, password security, and lessons learned from major data breaches.
If you have passwords, and you know you do, you’re going to have to face Ch-ch-ch-ch-Changes. Don’t let it be too scary.
People using the same passwords for multiple accounts is a problem. Writing passwords down, and using fatigue with password management as an excuse to justify weak passwords, are big issues too. Simple passwords get cracked more easily, and when people reuse passwords, a hack on your favorite dog food delivery service means attackers have a password that exposes corporate data.
Changing user passwords on a regular basis has long been a basic – and well-known – tenet of IT security. But when it comes to password security, privileged passwords (admin, root and such) are often overlooked.
Many of these breached companies passed their regulatory compliance audits and invested heavily in conventional perimeter security tools – like firewalls – without success. Spear phishing, zero days and other advanced threats were able to defeat their perimeter security.
When you use phrases like “brute force” and “simple attacks” it may seem that the bad guys are pretty dumb. Many of them are. They pick up the tools they find and point them in the right directions. Their only original thought is to attack someplace new.
Passwords should never be stored online. Refrain from using the same password for personal and corporate accounts. Use a passphrase on passwords for remote users. Decline the “Remember Password” prompt box of web browsers, regardless of whether you’re using a private or shared computer.