Do You Know How Easy It Is to Guess Your Password? (Hint: You Don’t Want to Read This!)

The number of account credentials that have been stolen in the last 10 years has exploded to a degree that is unprecedented. It is now a fait accompli that many of the security tools out there can’t help you, as 81% of data breaches come from compromised credentials. Let’s delve into how easy it is to break into almost any account. Hackers have invented the digital equivalent of a master key. Look at sites like SecLists, Weakpass, and Hashes.org — not to mention berzerk0’s probable wordlists on GitHub, which are a clever amalgam of password wordlists. Here you will find…

What are CDM and CRED?

The Continuous Diagnostics and Mitigation (CDM) Task Order for CREDMGMT provides guidance and tools to federal civilian agencies to fulfill the Manage Credentials and Authentication (CRED) Function. This functional area is designed to prevent the binding of credentials to, or the use of credentials by, anyone other than the rightful owner (person or service). The approved tools provide careful management of credentials, preventing attackers from using hijacked credentials to gain unauthorized control of resources, especially administrative rights. The CRED capability ensures that account credentials are assigned to, and used by, authorized people or services. This solution relies on the results of the…

Joining the Dots to Better Breach Prevention: A Centrify Roundtable

The volume and frequency of data breaches seem to have hit a new high in recent months. But away from the sensational headlines, do we really know what the impact of such incidents can be on the victim organisation’s reputation and bottom line? Centrify recently commissioned the Ponemon Institute to shine a light on exactly this area — interviewing CMOs, IT practitioners and customers — and uncovered some fascinating findings. Not only do UK firms on average see a lasting share price slump of 5% following a breach, but many IT and marketing professionals are profoundly divided – from each other…

Controlling Access is the Key to Cyber Security

Access is the greatest opportunity and the greatest threat for businesses engaging with the online economy. Increasingly, our business systems gather, digest and disperse data throughout our operations, including confidential details about customers, employees and business partners. Mature cyber security processes are vital to protect this confidential information from unauthorised access, which can expose businesses to punishing and potentially lethal brand damage. In fact, even a cursory review of 2016 cybersecurity breaches — including the Yahoo! billion-user revelations, the DNC hack during the U.S. presidential election and the $81 million malware attack against a Bangladeshi bank — reveals their unprecedented…

How Can User Behavior Analytics Kill the Password?

Last time, I wrote about adaptive authentication and briefly touched on behavior analytics being an integral part of adaptive authentication. For true behavior analytics, you need some smart AI-powered multi-factor authentication (MFA). Now, if you think about it and put the pieces of the puzzle together, you might be able to kill passwords altogether. Wouldn’t that be nice? You no longer need to remember any passwords and all you need is access to one of your MFA tools when authenticating. With the increased use of smartphones and other devices for MFA, businesses now more than ever have the…

Impact of Data Breaches on Reputation & Share Value (Hint: it’s HUGE)

Effective cyber risk management starts with the C-suite and belongs in the boardroom. Wow, this last Friday and over the weekend we have heard about the massive cyber attack infecting thousands of organizations with ransomware in over 75 countries. In Britain, dozens of hospitals and National Health Service providers were crippled. While the ransomware was only demanding $300 worth of bitcoin, the impact of the attack saw thousands of appointments canceled, phone lines down and patients turned away. Today, a brand new Ponemon study, sponsored by Centrify, was released and examines the impact of data breaches on reputation and share…

Strategically Moving Towards a Secure Hybrid IT

Owing to a lack of strategic foresight or sheer laziness, security has traditionally taken a back seat in IT systems integrations. Lack of security foresight in IT endeavors can impact businesses in the course of time, thus it is recommended to look into security-related aspects from the very start — be it at the time of integration, upgrades or migration of IT tools or solutions. Nowadays, security considerations such as in Software Development Life Cycle are integrated into each layer of technology engagement. With that backdrop, security loopholes and cyber vulnerabilities are becoming complex, leading to obstructing identity, data and information…

Déjà vu! Verizon Reports Compromised Credentials Are (by far) the Leading Cause of Breaches

Another year has gone by and the words from the 2016 Verizon Data Breach Investigations Report (DBIR) still ring true: “We’re not mad, just disappointed.” The 2017 Verizon Data Breach Investigations Report (DBIR) paints a déjà vu portrait of data breaches where 81% of hacking-related breaches leveraged either stolen and/or weak passwords. You have to hand it to cyber criminals, they are no hacks (pun intended). Much like the flow of water, they find the path of least resistance to their target and today that path is clearly straight through your users and their self-managed “simple factor” passwords. Look at…

Why So Few Women in Cybersecurity?

I’ve seen quite a few articles lately on why there aren’t more women in cybersecurity. It’s a good question, but I think to answer that, we have to look at tech in general. First, let’s step back and acknowledge the progress that has been made. Today’s average tech company looks nothing like it did in the 1980s when I was earning a bachelor’s degree in computer science and then later a master’s degree in business. At that time, women working in any roles in technology were a minority. Today, that’s improved in a number of areas within tech including marketing,…

Don’t Open that Google Doc Link: Another Phishing Scam

Yesterday, Google users were targeted by a spear phishing campaign that some cybersecurity researchers believe to be one of the fastest-spreading attacks of its kind in history. This attack was highly effective, as the phishing emails were harder to spot since they were from familiar senders. Most users were likely easily fooled into trusting a message from a known contact, which made this scam easy to spread and propagate quickly. While the hole was quickly patched by Google, it is always prudent to check the URL of a link before clicking on it to verify it is spelled correctly and…