Yubico, a leading provider of
hardware authentication security keys,
has announced the results of the
company’s 2019 State of Password and
Authentication Security Behaviors Report,
conducted by the Ponemon Institute,
which surveyed 1,761 IT and IT security
practitioners in the US, UK, Germany
and France.
The survey found that despite concerns
over privacy and protection online
and a greater understanding of best
security practices, individuals and
businesses are still falling short, and
need solutions that offer both added
security and convenience. We asked
industry experts for their advice on
how businesses and organisations can
strengthen password security.
STEPHEN MOORE, CHIEF SECURITY STRATEGIST AT EXABEAM
Modern cyberthreats are not simple to
defend against. The biggest change in
recent years has been a shift towards
more targeted and more advanced
attacks that traditional security systems
struggle to detect. Cybercrime is
changing because the cost to conduct
the crime is falling, while profitability for
cybercriminals is rising.
For example, usernames and passwords
can now be purchased on the dark
web. Malware simply steals passwords
by logging keystrokes or grabbing
the hashed password from memory,
regardless of the password complexity.
Once this happens, the hacker is
getting in.
The theft of IDs and passwords is by
far the most common goal for today’s
cyberattackers. Valid credentials,
especially when federated across
many platforms, really are the keys to
the kingdom – once an attacker has
them, they have a legitimate means to
access files and databases at will. To
become aware of and stop such cases,
businesses need to be able to detect
unusual use of valid credentials – with
easy and not hero work.
www.intelligentciso.com | Issue 11 | FEATURE
This is why behavioural analytics has
grown so quickly over the last couple
of years. It can help combat insider
threats by notifying the security team
when someone is doing something
that is unusual and risky – even out of
context, both on an individual basis and
compared to peers.
For example, if an employee begins
moving around the network accessing
multiple fileservers and databases for
the first time, and no one else in his/
her department has done so, it can be
an indicator of a stolen – but valid –
credential. Ensuring that the password
is more complex doesn’t help. With
behavioural analytics and Machine
Learning, this actionable information
about these cases should be available in
a couple clicks; not after a day of queries.
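
The peer comparison described above (first-time access to several resources that nobody else in the same department has touched), as an added example that is not from the article or from any vendor's product. It is a simple set-based rule rather than Machine Learning, and the event tuples, names and the threshold of three resources are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample access events: (day, user, department, resource)
BASELINE = [
    (1, "alice", "finance", "fs-finance-01"),
    (2, "alice", "finance", "db-ledger"),
    (2, "bob", "finance", "fs-finance-01"),
    (3, "bob", "finance", "db-payroll"),
    (3, "carol", "engineering", "fs-eng-01"),
    (4, "carol", "engineering", "db-builds"),
    (4, "dave", "engineering", "fs-eng-01"),
]
WINDOW = [
    (8, "alice", "finance", "db-payroll"),    # new to alice, but a peer uses it
    (8, "bob", "finance", "fs-finance-01"),   # routine
    (8, "dave", "engineering", "db-builds"),  # new to dave, but a peer uses it
    (9, "bob", "finance", "fs-eng-01"),       # new to bob and to all of finance
    (9, "bob", "finance", "db-builds"),
    (9, "bob", "finance", "fs-hr-01"),
]

def find_unusual_access(baseline, window, min_new_resources=3):
    """Return {user: sorted resources} for users who touched at least
    min_new_resources resources that neither they nor any department peer
    accessed during the baseline period."""
    seen_by_user = defaultdict(set)
    seen_by_dept = defaultdict(set)
    for _day, user, dept, resource in baseline:
        seen_by_user[user].add(resource)
        seen_by_dept[dept].add(resource)

    novel = defaultdict(set)
    for _day, user, dept, resource in window:
        first_for_user = resource not in seen_by_user[user]
        first_for_peers = resource not in seen_by_dept[dept]
        if first_for_user and first_for_peers:
            novel[user].add(resource)

    return {u: sorted(r) for u, r in novel.items() if len(r) >= min_new_resources}

if __name__ == "__main__":
    for user, resources in find_unusual_access(BASELINE, WINDOW).items():
        print(f"ALERT {user}: first-time access, unseen among peers: {resources}")
```

The peer check is what keeps alice and dave out of the alert: their accesses are new to them but normal for their departments.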
RICH CAMPAGNA, CMO AT BITGLASS
Acquiring credentials to access sensitive
data is increasingly easy and incredibly
lucrative for today’s hackers. Every
additional character in a password
increases the number of possible