It was recently reported that a group of Russian cybercriminals stole billions of credentials and pieces of personally identifiable information from hundreds of thousands of websites, putting the majority of Internet users at risk.
However, when individuals are asked about what they’re doing to protect themselves from this most recent breach, many say they won’t change anything. According to The Arizona Republic, experts believe that people are experiencing breach fatigue, or an assumption that the constant news of high-profile security breaches are hyperbolic and their data isn’t really in that much danger.
While breach fatigue may lead individuals and companies to think otherwise, data breaches are very real and are a dangerous threat to sensitive information. Everyone uses passwords to protect their data, but they have their limitations and can only keep information safe to a degree.
Depending on the type of password being used, you may actually be helping hackers steal your information. It’s very common for people to use the same login for multiple sites, meaning if one account is compromised they are all vulnerable.
According to SplashData, a password management company, among the list of the top 25 passwords “123456” and “password” ranked as the top two. Cybercriminals utilizing a brute-force attack, which can guess 1,000 passwords a minute, won’t be deterred in the least by such obvious answers.
Increase Protection With Two-Factor Authentication
Some companies do understand the importance of stronger cybersecurity defenses and have implemented two-factor authentication for company webmail systems and administrative tools. This is a great tool that requires multiple sets of identification to allow access to a system, but most enterprises overlook their use on external services like cloud platforms and social media accounts.
Dark Reading contributor Maxim Weinstein recently reported on a company called Code Space that was put out of business after a malicious actor took control of its Amazon Web Services account.
The hacker was able to obtain access to the account and delete the company’s servers and the entirety of the data stored on them. While this may seem like an extreme case, it is becoming easier every day for cybercriminals to access company domains and cloud services and cause major damage due to poorly secured passwords and lack of a secondary security system.
Some companies that offer authentication require information to be shared with a website or service that is then left vulnerable to exploitation. Best practices strongly advise businesses to implement two-factor authentication for all major applications and systems and have total control over the process. Identifiable data is kept within the enterprise and used only to serve as a credential, increasing security and protection.