In the first half of 2021, just 118.6 million people were impacted by data breaches, data exposures and data leaks, just 38 percent of 2020’s total figure of 310 million victims. The number of people impacted by the rising number of data compromises is dropping at a rate that could result in the fewest number of victims since before 2015. National Cybersecurity Awareness Month gives us an opportunity to refocus the conversation on the basics that we may have overlooked for a long time.

Working our way through the “Mother of All Leaks” may seem daunting, but it can be as simple as coming back to the security foundations of identifying threats, securing environments, disaster recovery and ongoing assurance. Look for confirmation that accounts are protected by means of monitoring, alerts, and/or multi-factor authentication if compromised credentials are used. Look to your trusted service providers to run through these exercises. Users enjoy the additional reinforcement of knowing when their accounts are requesting access confirmation in this way. Leverage push-based authentication, which provides the best present-day user experience and security measures by initiating confirmations of access from the system side to mobile devices.

Trust nothing, trust no one, and always validate every bit of data traffic in your environment. While making technology choices, make sure your technology can be extended to incorporate Zero Trust principles. The assessment begins with a frank review of your access and protection policies. It is also prudent to use a password manager.

For your organization, there are four steps that can get you to more security: identify threats, secure your application environments, set up a recovery mechanism in case of a hack, and then build an assurance program that enables future compliance and resilience.
You should also opt in to multi-factor authentication on all your accounts that have made it available. On a personal level, it is good practice to use one of the various Dark Web scanners to check if your credentials were part of this leak and leaks that came before.

Now That it Happened, What Do We Need to Do?

For these reasons, the industry must insist, as a fundamental practice, that organizations leverage mature data protection strategies and Zero Trust access models to protect information. There is no getting around the general fact that identity credentials, databases, and passwords are going to leak out, whether it is from your own organization or outside the organization. Once the industry has broken its addiction to and reliance on passwords, we can begin to look past the impact of leaked credentials. The best way for the community to eliminate this blight is to eliminate passwords altogether.

It is a very capitalistic trade in a sense. Hackers are persistent and programmatic in their behaviors, so they will typically look to leverage their efforts into things that give them the most return. The “Mother of All Leaks” is not the end of all things secure, but it is a continuing sign that entities spanning from individual consumers to large corporations must implement better security and learn to protect data better.

Teamed up with easily harvested information about a company, a hacker could programmatically attempt combinations of credential sets using a known good password in hand. That means that repeated credentials for something as basic as your Netflix account might be the same credentials, even in part, that you use in a sensitive financial application such as banking. In the meantime, security teams have plenty to consider because it is a known fact that human beings recycle and sometimes share passwords.