Confronting Inaction in the CyberSecurity Industry

by Steve Tcherchian, December 8, 2020

2020 was another troubling year in the cybersecurity world. We saw a repeat of 2019’s data breaches on a larger scale. Instagram, TikTok, YouTube, Nintendo, WaWa, and many more fell victim to some sort of compromise. Hardly a week went by where we weren’t reading about a new mega-breach or ransomware attack. One unidentified agency even exposed an 800-gigabyte database of over 200 million personal user records. No one was off-limits.

It’s to the point where we’ve become numb to the news of security breaches; we shrug it off and move on. But as consumers, we should be concerned with the lackluster cybersecurity practices these companies have in place. They’re clearly not protecting our data. According to IBM, the average time to detect and respond to a data breach in 2020 is 280 days. This year’s global pandemic has made every industry a huge target, with healthcare and the public sector leading the pack. On average, these industries took over 320 days to detect and contain a cyberattack, at a cost of tens of millions of dollars in some cases. Billions are spent on security each year, so why is this still an issue?

How Passwords Will Change Your Business Strategy

Passwords are one of the most critical security risks to any organization, especially default passwords and passwords to privileged accounts, which have elevated access to perform administrative functions. These can be administrator accounts, service accounts, database connection accounts, application accounts and others. Most of these accounts were set up ages ago when an application or system was initially deployed. They have multiple integration points, and because of the risk of “breaking something,” the passwords for these accounts are rarely rotated, likely shared and often improperly stored.

Privileged account abuse is the most common way for hackers to compromise a system. Proper credential storage and accountability are paramount to risk mitigation. Relying on manual methods is resource-intensive, error-prone and leaves gaps. According to a Varonis report, nearly 40% of all users sampled have passwords that have never been rotated! These passwords have a higher likelihood of showing up in online password dumps and being used to infiltrate networks. Simply put, they’re a cyber criminal’s best friend. This is how hackers walk right in through the front door: not because they’re clever, but because we make it too easy for them.

Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on the ISSA CISO Advisory Board, the NonStop Under 40 executive board and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience for customers in the Mission-Critical computing marketplace. Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world.