13 Jul

IT Security: Weak & Stolen Passwords to Blame for Most Data Breaches

Posted by John Brandwagt

While it might be easiest to think of cyber criminals as evil geniuses who spend hours using complex software to hack into your information, the truth is that you’re likely doing most of the work for them—and it all boils down to unsecure passwords.

Cyber criminals are indeed cunning, ruthless, and oftentimes well funded, but in many instances, they also get a helping hand directly from their victims. According to the Verizon 2016 Data Breach Investigations Report, 63% of data breaches are a direct result of leveraging weak, default, or stolen passwords. Do you think your accounts are safe? Here’s how you can make sure.

Password Woes

Even if you consider yourself a bit of a tech expert, password fatigue can happen to the best of us. With the amount of software and devices that we use daily growing each year, it can be relatively easy to fall into the bad habit of using the same simple password for multiple accounts.

Unfortunately, this easy mistake is one of the leading reasons for why data breaches are growing in frequency and in number—even with the extensive security training that most businesses offer.

The use of stolen, weak, or default credentials in these data breaches is certainly not a new phenomenon—it’s been drilled into our heads for decades to use special characters, uppercase and lowercase lettering, and a required number of characters to ensure the safety of your accounts. Despite all of this, over 40,000 incidences across 82 countries—including Canada—saw data breaches directly involving weak, default, or stolen passwords, making greater IT security a necessity for businesses.

Phishing, Vulnerabilities, and Malware

Part of the problem with modern ideas of IT security is the misconception that attacks are coming from new-to-the-world vulnerabilities. While it’s true that cyber criminals are getting more sophisticated in their methods, their approaches haven’t changed much over the last twenty years. In fact, one of the biggest areas of breaches comes from phishing messages—a tactic that’s been around since the inception of the internet. Almost a third of phishing attacks that were sent out this year were opened, and twelve per cent of victims actually clicked on the malicious attachment or link. This number is up nearly 23% since 2014, making the need for IT security a clear priority for users and businesses around the globe.

What Are The Solutions?

Fortunately for you and your business, the solution to these issues is relatively simple. The most important factor in ensuring your IT security is up to snuff is supplying proper education to your team. While most non-techies are aware of the importance of proper security, most of them don’t know how deep the issues really go. Having your IT security team provide a quick seminar or educational meeting about how to recognize phishing attacks and malware can go a long way in preventing most instances of data breaching.

You should also get in the practice of updating your software whenever patches are available. Many attacks exploit known vulnerabilities, where a patch has been offered for months or even years. Staying on top of this is an incredibly crucial practice.

Most importantly, removing the bad habit of using weak or default passwords from your life can take care of a lot of your security worries. One of the easiest solutions to this is employing a password management application. Many password management apps that are available on the market today will enable you to generate random secure passwords, and will also encrypt and remember them for you—making password fatigue an issue of the past.

7 Things You Need to Know About Working with IT Recruiting Firms

Topics: IT Security

John Brandwagt

John is a Practice Leader at Inteqna. He’s been working in IT Search in Calgary since 1997. He works best with selective job seekers—those who excel at what they do and enjoy their current jobs. Since they don’t have time to look for themselves, he helps them find their dream jobs. From a client perspective, he helps organizations find the talent that will propel their business. John is involved in several of Calgary’s technical user groups and has held board roles in non-profit groups. He is a single dad of four boys who try to beat him at every physical activity from hiking to rugby.

Find me on:




Share