
Information gathering and password security

Do all employees understand the importance and risk associated with password security?

Image Source: PCWorld

Information gathering is an important stage in pen-testing, because the more information is gathered about the organization, its network and its systems, the more entry points can be found that can be exploited.

In 2021 the National Cyber Security Centre carried out a survey of the UK population and their password security.

“The survey of UK passwords showed they are often made up of things people can easily predict – such as their pet’s name (15%), family members’ names (14%) a significant date (13%) or their favourite sports team (6%)”.

Passwords are at the front of attacks and are part of the defenses that reduce the likelihood of breaches, so password security has never been more prevalent. With password security being a main point of interest, how often does security posture validation from a people point of view get run? Do all employees understand the technology and business alignment point of view? Many social media platforms create default settings that allow all personal information to be shared online; this gives the algorithms access to recommend friends and to serve customized adverts. If the settings aren't changed, anyone pen-testing or hacking the company the employee works for can gain access to information such as family members, as well as any life events that have been shared, which can potentially increase the chances of that company being a target for a data breach.

How efficient is corporate-wide password security?

In February 2021 a breach happened at the company SolarWinds. This was a high-profile breach, caused because security measures weren't implemented when the executives had raised the concern that an intern used a weak password; the password was leaked online. Malware was placed on the network using a loader called Raindrop, which delivered Cobalt Strike. The attackers used SolarWinds to attack targets of interest to them. High-profile as this attack was, it could have been limited if security had been equally embedded not only at operational but also at tactical and strategic levels. Is your security equally embedded on all three levels, or just at an operational level?

Password security is more prevalent because of the lack of education in password security and social media privacy settings, and there are several solutions to fixing these issues. Last year alone there was a high number of breaches due to password security not being as secure as it should be; this tends to be due to a lack of knowledge retention from risk awareness training. Are you able to measure the knowledge retained for security risk awareness not only at a specific point but on a year-on-year basis?

(Figure 1 FinancesOnline)

As seen in the figure above, the lack of security on passwords, or of educating staff in password security, shows how 80% of companies were breached. This can be mitigated by having SOC teams detect and mitigate threats fast, giving the SOC teams hands-on exercises to improve the reaction time of the team. It can also be mitigated by having effective security initiatives that aim to reset passwords frequently. The best business practices use multifactor authentication, which makes it harder to log in from different locations. Length of characters beats complexity, as the longer the password the harder it is to guess. Make sure all passwords used are different from other accounts. The importance of a positive security culture is that if the employees are healthy and happy then the teams will go the extra mile in keeping your organization and customer data secure. This will also improve the productivity and the efficiency with which the staff work.
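A password check at enrolment that applies both points made above, length over complexity and no details that can be read off a public profile, could look like the following. This is an added example, not code from the original article; the 14-character minimum, the substitution map, the function names and the sample profile are all assumptions made for illustration.

```python
import re
from datetime import date

MIN_LENGTH = 14  # assumed policy value, not a figure from the article
# Undo common character substitutions before matching names (assumed mapping).
LEET = str.maketrans("0134578@$!", "oieastbasi")
DATE_FORMATS = ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y", "%Y")

# Constructed sample profile: pet, family member, sports team, significant date.
SAMPLE_NAMES = ["Bella", "Sophie", "Arsenal"]
SAMPLE_DATES = [date(2015, 6, 21)]


def _squash(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def personal_tokens(names, dates):
    """Names plus the usual written forms of each significant date."""
    tokens = {_squash(n) for n in names if len(_squash(n)) >= 3}
    for d in dates:
        tokens.update(d.strftime(fmt) for fmt in DATE_FORMATS)
    return tokens


def check_password(password, names=(), dates=()):
    """Return the reasons to reject a password; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    plain = _squash(password)                      # digits kept, to match dates
    unleeted = _squash(password.translate(LEET))   # substitutions undone, to match names
    for token in sorted(personal_tokens(names, dates)):
        if token in plain or token in unleeted:
            problems.append(f"contains personal detail: {token}")
    return problems


if __name__ == "__main__":
    for candidate in ("B3ll@2015!", "Ars3nal4ever!!", "correct horse battery staple"):
        verdict = check_password(candidate, SAMPLE_NAMES, SAMPLE_DATES)
        print(candidate, "->", verdict or "accepted")
```

The check catches "Ars3nal4ever!!" even though it meets the length rule, because the team name survives the character substitutions.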

How can Quantum Cybersecurity Skills help?

Relevant services we offer that help fix raised challenges:

- QCS Security Assessment - validate your security posture from a people, processes, technology and business alignment point of view

- Security Consultancy service through reinforcement of critical systems and applications (Active Directory, AWS Cloud, Network), and calibrating the detection ratio of the security controls (SIEM, WAF, IPS, etc.)

- Reselling solutions such as Risk Awareness, hands-on proactive and fully customizable training for Red & Blue teams, Security Services optimization delivered by Cyber Ranges, Range Force, CyberBit, Cofense and Quantum Cybersecurity Skills

Speak to our team - Contact Us


Organizations that are able to take full advantage of their Security Services are leaders when it comes to reducing business risks and operational costs and improving resilience and business continuity. Scale and sustain the resources that you already have - it's part of an agile and integrated risk management strategy.

Quantum Cybersecurity Skills is a company revolutionizing risk management with security efficacy. We help optimize security maturity and security transparency from a people, processes, technology and business alignment point of view. We effectively bridge security at Operational, Tactical and Strategic layers to improve security service quality and business agility.

Quantum Cybersecurity Skills comprises a diverse, Fortune 500 and Global 2000 experienced range of Security Leaders from CISO, SOC Management, Pen-testing, Risk Auditing and Digital Transformation backgrounds. We regard 2019 as the birth of Quantum Cybersecurity Skills, which was formalized in the following year.

Our team shines through diversity and is distributed across the globe in Montreal (Canada), Mexico City (Mexico), Tel Aviv (Israel), Valencia (Spain) and Boston (USA), with HQ in London (UK). A globally distributed team enables us to offer a high-quality, cost-effective 'follow the sun' service and address the Data Privacy needs of a global clientele.

Reach out to us:


Twitter: @SOCoptimization

