Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 23 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Dropping Like Dominos

by The Gurus
October 11, 2016
in This Week's Gurus
Share on FacebookShare on Twitter

By now, you’ve all seen the headlines: Dropbox was breached well over four years ago and just now the true impact of that breach is coming to light: nearly 70 million accounts were impacted. That’s not a small number. But what’s even more interesting – and we’ve been warning companies about this for a while – is that this breach was apparently tied to a different, also very high-profile, breach. The Dropbox employee whose password was exploited in the breach originally had his password exposed in the famous LinkedIn breach.
This illustrates an interesting ‘chaining’ or ‘domino effect’ that data breaches can have across multiple organisations.
And, it’s our new reality.
Employee access credentials to systems and sensitive company data are of high value to a hacker. Identity has become the new attack vector. And hackers are all over that fact – finding those orphaned accounts to grab and log-in to behind the scenes without an IT admin even knowing about it. Or, taking stolen credentials from one breach and using them to access another web site as was with the case of Dropbox. All because an employee chose to reuse a password across multiple sites – a very common occurrence.
Often, it comes down to password hygiene as the starting point to stronger and smarter access management. I’m still blown away by the fact that our Market Pulse Survey revealed that a whopping 65% of survey respondents admitted that they routinely reuse passwords across multiple applications and websites. But you don’t need survey stats to understand the severity of the problem – taking a look at the headlines is more than enough to illustrate the issue.
In reality, the Dropbox incident could have been far worse had the impacted passwords not been encrypted. Rather than needlessly put yourself – or your employer – at risk, take a minute to adhere to some password management best practices, as not every application you use will have that added layer of protection that Dropbox did. Use a unique password for every application. Make sure the password is long and more complex – ideally twelve characters should be thought of as a minimum. And, it should go without saying that with an identity governance solution in place, enterprises can ensure that every person with access to any data or systems adheres to strong password management practices like these.
It’s become very clear, between Dropbox, the ‘chaining’ effect back to the LinkedIn breach and the numerous other data breaches making headlines literally every day, that the identity of our people is in the crosshairs. Protecting Identity is key: to the safety of our own personal data, to the security of sensitive company data and files, and, to the safety of sensitive data in an organisation that may not even be linked to your own. Understand who has access to what, what they’re doing with that access, and manage that access throughout each users’ lifecycle and you’ll be well on your way to a smarter, stronger, and more proactive approach to not only identity and access management but to the overall IT security posture of your organisation.
 
By Kevin Cunningham, president and founder at SailPoint

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

StrongPity’s summer watering-holes trap a thousand users in search of encryption

Next Post

Hacker Steals 58 Million User Records from Data Storage Provider

Recent News

Ferrari Data Breach: The Industry has its say

Ferrari Data Breach: The Industry has its say

March 22, 2023
security

What Is Observability, And Why Is It Crucial To Your Business?

March 21, 2023
Organisational Cybersecurity.jpg

How Emerging Trends in Virtual Reality Impact Cybersecurity

March 21, 2023
Nominations are Open for 2023’s European Cybersecurity Blogger Awards

Nominations are Open for 2023’s European Cybersecurity Blogger Awards

March 20, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information