With recent high-profile password dumps, IT security professionals are calling for stronger passwords, password change policies, and multi-factor authentication. Some are even predicting the end of passwords as we know them and the rise of biometric identification. In this week’s CISO beat, CISOs on Twitter discuss static passwords in the context of recent breaches, the growth of the cybersecurity industry, and how your office printer may be the most overlooked attack surface exposing your organization to risk.
"Static passwords are adorable, but sophisticated attackers…utilize them to advance their attack." – 2016 DBIR. #AwwCuteLittlePassword
— Andrew Kalat (@Lerg) May 1, 2016
We often hear about secure password policies and the prevalence of default or weak passwords. But even a strong password cannot protect an account from a keylogger, a phishing attack, or a breached database: whatever the attacker captures or steals is valid until the user changes it. Static passwords alone are simply insufficient to protect confidential files. A member of Hacking Team stored his passwords encrypted in TrueCrypt, but a hacker still gained access. There is no substitute for a dynamic authentication method. By implementing something as simple as two-factor authentication, more than half of the breaches in 2015 could have been prevented.
Hacker is Selling 272 Million Email Passwords for Just $1 – A massive database of 272 million emails and passwo… https://t.co/WSjt1YOOF8
— Joseph McCray (@j0emccray) May 5, 2016
Passwords have now become a cheap commodity. A hacker allegedly offered a database of 272 million passwords for sale for just 50 rubles, around $1, for the entire dump. While some are dubious about this particular breach, the volume of stolen credentials circulating online is indisputable. The challenge for the CISO is not only to implement the right technology but also to educate employees on recognizing phishing campaigns and avoiding malicious sites.
— Dan Lohrmann (@govcso) May 5, 2016
New frontiers for IT require new technology, and the rate of innovation in business technology has kept the security industry racing to keep up. In many cases, the growth of a new category of security tool is tied to the technology it protects. For example, the cloud access security broker (CASB) market has seen exponential growth since its introduction in 2012 because it is inherently tied to cloud adoption. Gartner named CASB an essential technology for companies that use SaaS applications, which is essentially every company. That provides the basis for its prediction that 85% of enterprises will use a CASB by 2020, up from 5% in 2015.
Two things I learned at this week's conference. As an industry we are getting better, but so is our adversary. #FSISACAnnualSummit
— Bruce Phillips (@BruceP_CISO) May 5, 2016
The security industry is getting better by the day, but security will always play catch-up with innovation in cyber crime. The cyber crime economy has matured significantly; many hackers now show up at the office at regular hours, as if it were a typical 9-to-5 job.
Old technology supplies a large share of the security vulnerabilities available to hackers, and a new critical Adobe vulnerability was disclosed just this past week. Clever cyber criminals can use even seemingly innocuous devices to launch an attack. According to a recent report, 35% of office breaches are traced back to the company's printer, costing enterprises $133,800 each year.
Think that printer in the corner isn’t a threat? Think again https://t.co/USZZPAUQFA
— Malcolm Harkins (@ProtectToEnable) May 4, 2016