7 tips for preventing harmful password-based breaches.
Do you remember the infamous 2021 SolarWinds supply chain attack? Cyber thieves were able to plan the attack because an intern made the password'solarwinds123' publicly available via a GitHub repository in 2018. SolarWinds is not alone in their issue with password management, which resulted in a significant company vulnerability.
According to research, 81 percent of corporate data breaches are caused by inadequate password management – an avoidable problem that can cost an organization up to or more than $4.35 million, the average cost of a data breach.
Despite the seeming triviality of passwords, as demonstrated by the SolarWinds incident, it can be extremely difficult for firms to recover financially and reputationally from password-based breaches. In this article, we'll go over the best practices for preventing major occurrences that start with a password.
7 ways for preventing password-related breaches
- Use strong password requirements. Although no password is completely hack-proof, larger passwords are harder for cyber thieves to guess, decrypt, or exploit.
Require a minimum number of password characters, including upper and lower case letters, digits, and special characters. In addition, due to the nature of cybercriminal tactics, consider prohibiting the use of dictionary words, common phrases, and personal information in passwords.
- Enable multifactor authentication (MFA). In the case that a password or many passwords are hacked, multi-factor authentication (MFA) adds an additional layer of security. MFA should be enabled for all user accounts and essential systems.
One element in the MFA paradigm is often a normal password, which the employee is familiar with. Another component, such as a code obtained by text, is often something that the employee possesses. Biometrics can theoretically represent another component; nevertheless, experts warn against widely implementing biometric authentication systems for security reasons.
- "Hashing" and "salting" passwords. The National Institute of Standards and Technology (NIST) recommends these protocols. In case the words are unfamiliar, NIST defines a hash as "a function that maps a bit string of arbitrary length to a fixed-length bit string". In other words, hashing effectively scrambles the password characters so that a database never exposes a list of plain text passwords to cybercriminals. Salting is the process of adding additional data to passwords before they are hashed, making saved passwords more difficult to attack.
- Educate and empower your workers. Ensure that your organization's personnel are aware of common phishing strategies used to get credentials. Emphasize that hackers frequently pose as trustworthy parties and/or deliver users harmful URLs to which they must enter credentials. When it comes to staff education, go over a range of conceivable scenarios in which cyber crooks can try to grab credentials. Enable employees to protect their credentials.
- Leverage a lockout mechanisms. NIST recommends locking a user out of password-protected accounts if a wrong password is entered repeatedly. NIST states that no more than 100 login attempts should be allowed. Many firms choose to lock accounts after three to five incorrect login attempts.
- Apply the principle of least privilege. Provide employees with the privileges they need to efficiently execute their job duties. Avoid giving staff excessive permissions. This manner, the damage from an account hack is likely to be minimal.
- Respond to questionable activity. Set up alerts that can notify your team of suspicious actions, such as a significant number of failed login attempts from unexpected places. Ensure that your team investigates and responds to these signals, since this will assist to prevent future intrusions.
Source: Cybertalk.Org
#ALERTS #COMPROMISE #CYBERSECURITY #HASHING #LEAST PRIVILEGE #MFA #PASSWORDS #SALTING #WORLDPASSWORDDAY #ZEROTRUST