How Password Reuse Puts Your Enterprise at Risk

You might remember the 2016 LinkedIn data breach disaster when Russian hackers released 117 million breached passwords online.

Just in February 2019, TurboTax maker Intuit locked several users out of their accounts after discovering that an undisclosed number of accounts were hacked. The method used was a credential stuffing attack, which exploited users who had reused a password on multiple accounts.

Instances like these are very common. Data breaches happen every day – it might be happening this very instant.

Why is password reuse a risky business for enterprise owners?

Not trying to sound hyperbolic here, but your customers’ password methods could mean the difference between saving or losing your business to the dark web.

Passwords are the first (and in some cases, the only) defense mechanism that businesses adopt to protect them from attackers.

But herein lies the problem: As employees or enterprise owners, we have the habit of bringing our bad password practices to work. So, when a seemingly irrelevant password from a data breach is leaked online, attackers can use it to access all of your corporate networks.

This was what happened after the LinkedIn data breach case. Hackers got their hands on a password that an employee was using on LinkedIn to access the corporate network’s Dropbox. This led to the exposure of 60 million Dropbox credentials. One reused password was all it took to take down Dropbox.

The consequences of such a breach? Irreparable damage, financial jeopardy, and insurmountable destruction to a brand’s reputation (to name a few).

When it comes to using recycled passwords and how it threatens your enterprise, here are the most important takeaways:

  1. When your customer reuses an already compromised password: Hackers can easily crack open other accounts.
  2. When employees reuse the same password for business and personal accounts: Hackers can breach your entire business network.

Password security is crucial to businesses and it is high time we act on it. We need to change our mindset and find better ways to manage passwords. Here are a few ways to fix the most common password recycling mistakes.

7 remedies for the password reuse epidemic

1. Change default passwords

Sure, default passwords are easy to remember, but they’re a hacker’s go-to for access into accounts. Replace passwords with passphrases, instead! These are usually more difficult to guess, yet easy to remember. To be extra careful, don’t use publicly common phrases, such as popular memes or movie quotes. Use something that only you will know.

2. Do not store passwords in plain text

If you have been storing your business passwords in a spreadsheet, well, don’t. If you’re caught in the ransomware puddle, and that list is exposed, repercussions will be ugly. Paying a ransom will be the least of your problems. The loss of revenue from downtime and customer churn will also take a bite.

3. Do not use easy-to-recognize keystroke patterns

“Zaq12wsxcde3” may seem like a strong password – until you have a closer look at your keyboard. When the pattern is recognizable, it will put your information at risk. Go for a random series of letters and numbers instead.
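A password-policy check for the keystroke patterns described above, as an added example that is not part of the original article. It scores how much of a password is typed on neighbouring keys; the simplified US QWERTY grid, the function names, and the 0.7 threshold are assumptions made for illustration.

```python
# Added example: keyboard-walk scoring on a simplified US QWERTY grid.
# The grid ignores the physical stagger of real keyboards (assumption).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Shifted digit symbols are typed on the same physical key as the digit.
SHIFTED = dict(zip("!@#$%^&*()", "1234567890"))

KEY_POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def key_position(ch):
    """Return (row, column) of the key that produces ch, or None if off-grid."""
    ch = SHIFTED.get(ch, ch.lower())
    return KEY_POS.get(ch)


def walk_ratio(password):
    """Fraction of consecutive character pairs typed on the same or a neighbouring key."""
    positions = [key_position(ch) for ch in password]
    pairs = list(zip(positions, positions[1:]))
    if not pairs:
        return 0.0
    adjacent = sum(
        1
        for a, b in pairs
        if a is not None and b is not None
        and abs(a[0] - b[0]) <= 1 and abs(a[1] - b[1]) <= 1
    )
    return adjacent / len(pairs)


def is_keyboard_walk(password, threshold=0.7):
    """Flag passwords that are mostly a walk across adjacent keys.

    The threshold is an illustrative assumption, not a standard value.
    """
    return len(password) >= 4 and walk_ratio(password) >= threshold


if __name__ == "__main__":
    # Constructed sample inputs: the article's example, a common walk, a random string.
    for candidate in ["Zaq12wsxcde3", "qwerty123", "t7Kp2mQx9vLd"]:
        print(candidate, round(walk_ratio(candidate), 3), is_keyboard_walk(candidate))
```

Every transition in “Zaq12wsxcde3” lands on a neighbouring key, so it scores 1.0 despite mixing case, letters and digits; a check like this belongs alongside, not instead of, a breached-password lookup at password-set time.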

4. The obvious! Do not reuse passwords

Do not use the same password for two accounts. While this might seem like too much work, you can always opt for password management tools. This will help you securely keep track of your credentials.

5. Adopt a “my passwords are at risk” mentality

Cracking open a business password can be a goldmine for hackers looking to exploit data on a large scale. Therefore, carry the mentality that a hacker may break into your account at any moment. Treat every account as unique and be sure to seal them with complex passwords.

6. Two-factor authentication is a boon

While using long, complex passwords is a good practice, these are not enough for most purposes. That’s where two-factor authentication comes into play. Adding one more step to your login processes, like a fingerprint or iris scanner, can further protect your business from attack.

7. Get creative

Names of celebrities, sports teams or pets are a big “no”. Crooks can easily harvest such information from your social media profiles. A safe way is to use random words and numbers that won’t mean anything.

What else can you do?

Avoiding password reuse is not a robust security plan. Why not? You simply cannot discipline all of your employees, nor can you assure they’re following good password hygiene outside of work. However, there are three things that you can do: […] Read more »

 

 

Instituting Security in IoT Networks to Prepare for Massive 5G Rollouts

IoT is dramatically transforming how we approach business: from manufacturing to energy to retail, the industry use cases are endless.

Internet of Things networks of connected devices can generate mountains of data in a matter of seconds, enabling projects like smart cities and autonomous cars, and fundamentally changing what’s possible in enterprise and consumer services. We’re likely to see more use cases emerge in the coming years, as the number of IoT devices is set to increase; by 2025, it is projected that there will be 75.44 billion connected devices.

However, IoT technology is still kind of like the Wild West – while the possibilities that come along with exploring this untamed territory are seemingly endless, the risks associated can be extremely high. In the first half of 2018 we saw a 29 percent increase in DDoS attacks, which can be directly attributed to IoT. Now more than ever, cyberattacks have the power to spread from end user to end user with incredible speed, making it even harder to pinpoint the genesis of the attack given the massive number of connected devices on the network.

Despite the security risks, enterprises cannot afford to ignore the significant use cases as connected devices move from the well-understood traditional endpoints to connected IoT sensors attached to almost any device. The advent of 5G will enable enterprises to collect and analyze vast amounts of data from IoT edge devices around the globe, paving the way for cost and performance reductions, but the need to protect the valuable data on these devices will be an opportunity for the bad guys who will want to either steal or control it.

Operators should view this as not only an opportunity to fortify their networks against cybercriminals but as a competitive advantage to offer services to spot and mitigate risks as more operations move to the edge. With a proliferation of endpoints and more avenues into the network, there must be a massive shift from a “reactive” mode of operations to a “predictive” mode of operations. Furthermore, as 5G rollouts continue across the globe, the attack surface will only increase. 5G networks will enable and support new services and users via IoT devices, exposing the network to severe threats.

Here are a few best practices when it comes to managing IoT security issues.

Start with the Network

A perimeter-based security approach is no longer sufficient when today’s era of cybercriminals can launch an attack from any and all sides using a variety of vectors. Protection must be embedded into the network fabric to further strengthen lines of defense, enabling real-time monitoring and detection.

To thwart potential attacks, businesses need a comprehensive security policy that leverages automation, anti-malware software and firewalls while also regularly documenting their cybersecurity policies. Security cannot be an afterthought – it must be built in from the very beginning to every component of the network. Starting from the network means that you are applying security to the broadest number of endpoints possible, so even if embedded security has not always been a consideration when rolling out new solutions, this will ensure the best possible coverage and awareness as new solutions are considered and deployed.

Automation is Your Friend

According to a recent study by the Ponemon Institute, security automation increases the productivity of IT security personnel and more accurately correlates threat behavior to better address the volume of threats. Security programs powered by automation are, by design, nimbler and more actionable, and even the most seasoned security teams can benefit from this additional help. Investing in solutions that are able to glean insights from network automation tools can quickly interpret data into actionable insights, empowering security teams to better pinpoint security threats.

Education is Key

There is a serious skills gap when it comes to implementing security automation technology. This problematic shortage is only opening businesses up to greater vulnerabilities. Until we can close this gap, network equipment and security solutions with built-in automation and seamless integration will be key. A well-rounded security posture calls for comprehensive training programs for anyone who is, or will be, involved in managing the IoT environment. Consider training at the start of any IoT deployment and ensure that staff are well-versed in the workings of any new solution before it is designed and implemented on your network. Vendors will have both product-specific and general cybersecurity training options […] Read more »

Louise Bowman: Cloud Expert of the Month July, 2019

Cloud Girls is honored to have amazingly accomplished, professional women in tech as our members. We take every opportunity to showcase their expertise and accomplishments – promotions, speaking engagements, publications and more. Now, we are excited to shine a spotlight on one of our members each month.

July’s Cloud Expert of the Month is Louise Bowman

Louise Bowman is a customer-focused enterprise sales executive who has been in the IT industry for almost 20 years. Her career began at Rackspace, a Global Managed Hosting & Cloud provider, where she built the inside sales team – both in San Antonio and London. In 2007, she returned to her hometown of Denver, and began working for ViaWest, now Flexential, a National Colocation, Managed Hosting and Cloud provider. There she was a Major Account Executive managing top ten named accounts, and later was asked to build ViaWest’s inside sales team. Her next adventure, NIMBL, a national system integrator based in Denver, gave her the opportunity to move up the IT stack where she began working within the SAP ecosystem selling software, consulting, staffing and managed application services to clients primarily in the Pacific Northwest.

Bowman is intrinsically motivated by responsibility, positivity, winning others over, learning, complex deals, and dynamic and thriving organizations. She is currently a member of Cloud Girls and is the SAP ASUG Pacific Northwest Chair Lead. Outside of work, she enjoys great food and wine (cooking or eating out), traveling, skiing, hiking, working out, murder mystery movies and books, and spending time with her husband & fur baby, Edie! Louise has a Bachelor of Science degree in psychology from the University of Colorado, Boulder, where she was a member of Phi Beta Phi and Captain of the Women’s Lacrosse team.

When did you join Cloud Girls and why?

Manon Buettner, Cloud Girls’ co-founder, and I had met earlier in 2014, and through many discussions she invited me to join Cloud Girls in 2015. I was able to attend my first retreat in Park City – that weekend really gave me insight into what an amazing organization Cloud Girls is, especially all the women involved.

What do you value about being a Cloud Girl?

First, the annual retreat because this is the time I have been able to learn about each “girl” in the group, dig into key issues and how others see/handle situations, let our hair down, laugh, play and leave with a feeling of belonging. This event always reminds me what a dynamic, eclectic, accomplished and vocal group I am a part of – I am proud to be a Cloud Girl. Second, the ongoing education, strong network and our community involvement.

What is the best career advice you’ve ever received?

“Feel, Think, Do”

What is the best professional/business book you’ve read and why? 

Gallup Poll’s “StrengthFinder” by Tom Rath. This book is the only personality test that has ever really resonated and gave me great insight into myself and others. I highly recommend this to everyone, no matter your profession […] Read more »

 

65 Percent of Organizations Believe IoT Increases OT Security Risks

According to Kaspersky Labs State of Industrial Cybersecurity 2018 survey, 65% of organizations globally believe that operational technology (OT) or Industrial Control Systems (ICS) risks are more likely with the Internet of Things (IoT). Over the next year, 53% say that realizing IoT use cases and managing connected devices is a major priority.

As OT and IT converge, organizations can use IoT devices to boost the efficiency of industrial processes, but these devices and processes also present new risks and points of vulnerabilities. Industrial organizations surveyed feel unsafe, with 77% of respondents saying their organization is likely to become the target of a cybersecurity incident involving their industrial control networks.

Of the concerns related to IoT, 54% of respondents claim that the increased risks associated with connectivity and IoT integration are a major cybersecurity challenge, as well as new types of IoT security measures that need to be implemented (50%) and implementation of IoT use cases (45%).

According to Kaspersky Labs, companies relying on ICS are falling victim to conventional threats, including malware and ransomware. Almost two-thirds of companies experienced at least one conventional malware or virus attack on their ICS in the last year, 30% suffered a ransomware attack, and 27% had their ICS breached due to the errors and actions of employees.

Targeted attacks affecting the industrial sector accounted for only 16% in 2018 (down from 36% in 2017)  […] Read more »

 

 

Big Data’s Big Peril: Security

We live in a world that is more digitally connected than ever before, and this trend will continue well into the foreseeable future. Mobile phones, televisions, washers and dryers, self-driving cars, traffic lights, and the power grid – all will be connected to the Internet of Things. It has been said that by 2020 there will be 50 billion connected things. These devices produce exponentially growing amounts of data such as emails, text files, log files, videos, and photos.

The world will create 163 zettabytes (a zettabyte equals one sextillion bytes) of data annually by 2025. Enterprises of all sizes can gain competitive advantages and valuable insights by incorporating big data and predictive analytics into their business strategies to fuel growth and drive operational efficiencies. But with all this data at hand, it’s vital to understand which data is actionable, and how it needs to be considered. Here are two examples of ways businesses are utilizing big data to improve the bottom line.

First, big data analytics can reduce customer churn. Predictive models are being built using customer demographics, product profile, customer complaint frequency, social media, and disconnect orders to flag customers who are likely to churn. Companies can identify these customers to better understand their issues and improve inefficient business processes. They can also recommend products that meet customer feature and price needs.

Second, big data can help prevent network outages. This is especially critical with government, medical, and emergency services networks, where outages can have severe impacts. Predictive models can ingest network logs to look at past device performance and predict hours in advance when an outage may occur, giving network engineers time to replace faulty equipment […] Read more »