Passwords, Data Breaches and Fines, What can you do to avoid being another statistic?
Its daunting, when these types of headlines are plastered across the internet – XYZ was breached, 000,000’s of records have been released onto the dark web. Usernames and passwords have been revealed. ABC has been fined $XXm for a breach reported last year, etc.
Cyber criminals target large businesses and enterprises, with several techniques, including phishing, smishing, vishing, malware, and ransomware, all with tempting or scary messages enticing your employees to click on the link or download a file.
Looking at the following facts, it is clear that you need to deploy stronger authentication to protect your systems and data from breaches.
It’s no wonder then, that people struggle to think of new passwords to use and remember.
However, with the large amount of breached data that is now available on the dark web, sometimes all criminals need is a username, and password which they have obtained, and then they can try accessing your systems with that information.
Cyber criminals are more than aware of this, so if they can find someone who works for you, that has used a password and it has been breached. The chances are, they are already able to gain access to secure files and networks. Claim your free password breach report, to see if you or some of your users are using breached passwords.
Easy to remember passwords like Password, 123456 or qwerty are great for threat actors to predict, and the shorter the password the easier it is to crack. By having password complexity and length policies in place it helps to ensure your employees choose a more complex and longer password.
Put in place a password policy and educate your employees, ensuring they choose a stronger password. If longer passwords are chosen, it is less important to update your password as often and helps you to stay one step ahead of those bad actors.
The above all point towards passwords being bad. So, what is the alternative?
Shifting to passphrases could be a more secure form factor than passwords, as they can be much longer, they are easier for people to remember and much harder to crack, and as they are longer than a traditional password they don’t have to be updated as often.
What is the real cost of a data breach?
Fines are well documented and make headlines on an almost daily basis due to them being so high, often in the millions or multiple millions.
Loss of Earnings
However, it’s not just the fines that the organization must pay, but the loss of earnings to the business should it have to close unexpectedly. A recent example – Sobeys Pharmacy had to close for four days because they suffered a ‘cybersecurity event’, allegedly costing $25m in net earnings.
Consider having to close your business for an unspecified amount of time, whilst you take the time to rebuild your network security and make all your systems secure again.
Another cost could be a ransom payment where your data has been encrypted and the only way to get it back is to pay the ransom – the Colonial Pipeline is an example of such a ransomware attack that worked for the bad actor.
Again, those attackers who use ransomware charge high fees to release data and as in the Colonial Pipeline it was alleged to have been over $4m.
Notwithstanding the reputational damage, that the heat of a data breach can cause. It is not that easy to quantify, but some high-profile organizations who have suffered breaches in the past, are still being quoted today – Facebook, Amazon, Sony PlayStation, Xbox, and Yahoo, even though some happened several years ago – their reputation remains unduly damaged to this day, possibly causing a reduction in customers due to their perceived lack of securing their customers private data.
What can you do to avoid being another statistic?
Intercede can help you to deploy PKI based digital identities to smart cards, USB tokens, virtual smart cards, and smartphones, easily, simply and at scale. From passwords to PKI, you can choose the level of security that suits your organization.
Password Security Management (PSM) provides you with a detailed insight into your organization’s password health, identifying weak, shared, and reused passwords. PSM can help your employees to choose passwords that are unique, within your password policy framework and cross references the proposed new password against our database of over 5bn records so that known breached passwords are not chosen.
MFA – Multi-factor authentication can help protect your systems from phishing, dictionary, or brute force attacks. Get your MFA stronger authentication in a day – we offer an easy to deploy login solution with multi-token and tokenless, password replacement and single-sign-on for both on-premise and cloud applications. MyID® credential management system helps you to secure your digital identities, easily managing the lifecycle of your employees with our easy to use and integrate software solution. Governments and Large enterprises rely on MyID® to keep their systems secure.
Password hygiene is fundamental to keeping your systems secure from cyber criminals. The Password Breach Database used by PSM enables you to easily see how many password breaches your organization has been affected by.
It also identities
- The compromised email addresses and the number of related breaches.
- Users who are sharing compromised passwords with third party websites and organisations.
- Accounts sharing the same password
- Users who are failing security controls.
Our Password Audit tool, analyses the passwords in use on your systems and provides you with a detailed report of your password position, highlighting the areas where you need to improve to meet best practice and comply with NIST standards.
Our Password Audit Report tool reads your AD user account and hashed passwords from all existing user accounts, cross referencing against the breaches stored in our Password Breach Database of over 5 billion breached credentials to discover known breached passwords.
The tool also analyses other email addresses that are sharing that breached password. This is useful to find out users who use their AD password on other websites and external systems to further highlight vulnerabilities where a third party could gain access. The Audit tool also provides details on dormant accounts to ensure they are disabled.
Ask for a Password Security Audit Today!
Trusted by Governments and Large Enterprises Worldwide
Where protecting systems and information really matters, you will find MyID. Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose MyID to protect themselves against data breach and ensure business continuity.