
World Password Day Comments

May 2022 by Tanium

Ahead of World Password Day on Thursday, we wanted to share two comments on what organisations should focus on to minimise cyber-attacks from Oliver Cronk, Chief IT Architect, EMEA at Tanium and Chris Hallenbeck, CISO at Tanium.

Oliver Cronk, Chief Architect, EMEA at Tanium:

“When someone is looking to set a strong password, they often choose around 8 characters that contain multiple numbers, special characters and various letters that are randomised. However, this can cause users to forget their passwords or to write them down in a place that others can see. This leaves users vulnerable to being hacked and exposes businesses to unverified people joining the network.

Whilst the National Cyber Security Centre advised using the three random words logic when creating passwords, predictable pet names and birth dates are still widely used which shows that there is still work to be done on IT hygiene to help protect both businesses and the public. Establishing robust cyber defences has never been more essential, especially as cyber-attackers are becoming increasingly sophisticated.

For businesses, that means examining how to instil a secure approach to passwords within the organisation. One way to approach this task is via encouraging employees, including senior leadership, to stick with one good, unique password and supporting this by requiring the user to provide two or more verification factors. This gives the user less reason to change their password regularly and can be more effective than simply forcing users to change their password every 90 days. As well as this, screening password resets against commonly used, expected or compromised passwords is another measure that isn’t incorporated by organisations as much as it should be.

Unfortunately, there’s no such thing as 100% protection in cybersecurity. Even if you have closed off one avenue through effective user authentication, there may be others for attackers to explore — such as theft of browser cookies containing credentials. But the objective is to make things as difficult as possible for your adversary and with multi factor authentication and strong passwords enforced across the organisation, you’re off to a strong start. This is especially true if they’re implemented as part of a zero trust strategy, which is an approach to securing an organisation by eliminating implicit trust and validating every security decision.”

Chris Hallenbeck, CISO, Tanium:

“Passwords have been basic cyber hygiene 101 for decades. But the fact is, they are no longer a viable method of security amid today’s rising attacks. Hackers launch an average of 50 million password attacks every day, or about 580 per second. And approximately 60% of data breaches are attributed to compromised credentials.

Big tech is already transitioning away from passwords – take Microsoft, Google and Apple, for example – and toward more high-tech solutions like biometric logins and facial recognition software. However, passwords are likely to remain for a little while longer. And with the average cost of a data breach estimated at $4.2 million, we must continue to embrace them to avoid becoming the target of the next big breach.

Proactively using strong password management and multifactor authentication (MFA) remain best practice, and have become commonplace for consumers, employees and organizations alike. MFA effectively protects against “credential stuffing,” where hackers reuse stolen passwords to launch attacks, and while a good first step, simply isn’t enough to ensure security given today’s threat landscape. That said, this World Password Day, consider changing your passwords and revisit your cyber hygiene habits to protect your information.”

