Happy Friday my friend!
Some recent studies have highlighted a huge but invisible problem that IT departments have to deal with. The past few weeks we've had to help several companies kick the bad guys out of their computers, all because of this one thing: password re-use.
Eye-roll, I know. But the danger stays hidden until hackers start using compromised credentials to break into your company. Here are some recent numbers:
▪ A TechRepublic survey revealed 53% of people admit to reusing passwords, which is great news for hackers – they can steal one password and try their luck with all the services you use.
▪ Verizon estimates that 86% of attacks start with compromised credentials for initial access.
▪ A recent report from LastPass estimates 62% of knowledge workers reuse the same password or a close variation.
So why is this happening? Well, employees have more passwords to remember than ever. The average organization uses 130 apps to operate. Bitwarden estimates 68% of internet users must remember over 10 passwords, with 84% of that number admitting to password reuse.
This offers a lot of opportunities for hackers, and remember, the average person tends to assume they’ll never be the one to be hacked.
What to do? Here are 3 ways to mitigate your risk of compromised credentials:
1. Multi-factor authentication (MFA)
MFA can definitely help, as it adds another hurdle attackers must clear after obtaining a compromised password. MFA makes your users 99% more secure than without it.
2. Security awareness training
Cybersecurity training isn't new. Organizations have been carrying out security awareness training for a long time, and it clearly hasn't made a dent in the number of end-users reusing their passwords. There's still value in raising awareness, but you can't rely on training to permanently change users' behaviors.
3. Check for compromised passwords
IT teams can't control what people do outside work, so it's vital to have a tool for checking whether passwords have become compromised. This is where dark web scanning comes in. There are free and paid flavors, and both have their use cases. For free, I recommend HaveIBeenPwned.com; for a professional solution, reach out to our team and we can set you up.
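As an added example (not part of this email, and not HaveIBeenPwned's own code), here is how the free check can be automated without ever sending a password off the host: the Pwned Passwords range endpoint accepts only the first 5 hex characters of the password's SHA-1 and returns every known suffix for that prefix, so the match is done locally. The network call is replaced by a constructed offline response so the script runs as-is; the suffixes and counts in it are made up.

```python
"""Offline model of the Pwned Passwords k-anonymity range check."""
import hashlib


def _sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for the network. The real endpoint is
# GET https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>,
# which returns "SUFFIX:COUNT" lines. Everything below is made up for this
# example; only "password" is deliberately planted as a breached value.
_KNOWN_BAD = _sha1_hex("password")
CONSTRUCTED_RESPONSES = {
    _KNOWN_BAD[:5]: [
        "00AAA45C4D1DEF81644B54AB7F969B88D65:1",   # filler suffix (made up)
        f"{_KNOWN_BAD[5:]}:3730471",               # planted hit, made-up count
        "011053FD0102E94D6AE2F8B83D76FAF94F6:2",   # filler suffix (made up)
    ],
}


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix); only the 5-char prefix would leave the host."""
    digest = _sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed lines."""
    out: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            out[suffix.upper()] = int(count)
    return out


def fetch_range(prefix: str) -> str:
    """Constructed offline replacement for the HTTP GET of /range/<prefix>."""
    return "\n".join(CONSTRUCTED_RESPONSES.get(prefix, []))


def breach_count(password: str, fetch=fetch_range) -> int:
    """How many times the password appears in the corpus; 0 means not found."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for pw in ("password", "c0rrect-h0rse-battery-staple-2024"):
        n = breach_count(pw)
        print(f"{pw!r}: {'seen ' + str(n) + ' times, reject' if n else 'not found'}")
```

Swapping `fetch_range` for a real HTTPS GET of the same URL gives a working check; a non-zero count is a reason to force a reset, while zero only means the password is not in the corpus, not that it is strong.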
Unfortunately, October was a record-breaking month for global ransomware attacks, and compromised credentials are one of the primary ways attackers have been getting in.
Let's do our part to keep the community safe!
If you know someone who might find this information useful, please consider forwarding this email - it might just save them from disaster.
Stay safe out there.
New Friday Funnies
Q: Why did the pilgrim’s pants keep falling down?
A: Because his belt buckle was on his hat.