
Confronting Inaction in the CyberSecurity Industry

by Steve Tcherchian

2020 was another troubling year in the cybersecurity world. We saw a repeat of 2019’s data breaches on a larger scale. Instagram, TikTok, YouTube, Nintendo, WaWa, and many more fell victim to some sort of compromise. Hardly a week went by where we weren’t reading about a new mega-breach or ransomware attack. One unidentified agency even exposed an 800-gigabyte database of over 200 million personal user records. No one was off-limits. It’s to the point where we’ve become numb to the news of security breaches; we shrug it off and move on. But as consumers, we should be concerned with the lackluster cybersecurity practices these companies have in place. They’re clearly not protecting our data.

According to IBM, the average time to detect and respond to a data breach in 2020 is 280 days. This year’s global pandemic has made every industry a huge target, with healthcare and the public sector leading the pack. On average, these industries spent over 320 days detecting and containing a cyberattack, at a cost of tens of millions of dollars in some cases.

Billions are spent on security each year, so why is this still an issue?

How Passwords Will Change Your Business Strategy

One of the most critical security risks to any organization is passwords, especially default passwords and passwords to privileged accounts, which have elevated access to perform administrative functions. These can be administrator accounts, service accounts, database connection accounts, application accounts and others. Most of these accounts were set up ages ago when an application or system was initially deployed. They have multiple integration points and, because of the risk of “breaking something,” the passwords for these accounts are rarely rotated, likely shared and often improperly stored.

Privileged account abuse is the most common way for hackers to compromise a system. Proper credential storage and accountability are paramount to risk mitigation. Relying on manual methods is resource-intensive, error-prone and leaves gaps.

According to a Varonis report, nearly 40% of all users sampled have passwords that have never been rotated! These passwords have a higher likelihood of showing up in online password dumps and being used to infiltrate networks. Simply put – they’re a cyber criminal’s best friend. This is how hackers walk in right through the front door. Not because they’re clever, rather because we make it too easy for them.
