Wednesday, March 7, 2012

What's your Password? Find out how you can't get easily hacked


'Password1' is top business password —study


Talk about executive headdesk moments. If you thought "Password" was the world's worst password out there, here comes what could be its equivalent in the business world: "Password1."
This was revealed in the Global Security Report for 2012 of security firm Trustwave, according to an article posted on PC Magazine.
"('Password1') satisfies the default Microsoft Active Directory complexity setting," PC Mag quoted Trustwave as saying.
This means the password must have a capitalized letter, a number, and the requisite number of characters to qualify under basic password security settings.
Worse, PC Mag said the Trustwave report noted users "are finding creative ways to override" corporate IT policies on passwords. These include:
- setting usernames as passwords
- making simple, often numerically progressive (and thus predictable) changes to passwords
- opting for the simplest possible variations to meet complexity requirements, "such as capitalizing the first letter and adding an exclamation point to the end" of the password.

A big problem for business users is IT policy requiring that passwords be complex and changed frequently.
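A password can pass a complexity rule and still match every habit in the list above. The following audit check is an added example, not code from Trustwave or PC Magazine; the three-of-four character-class rule is a simplification, the minimum length of 8 is an assumption, and the function names and sample passwords are constructed for illustration.

```python
import re

MIN_LENGTH = 8  # assumed value; the article does not state the required length

def meets_complexity(pw: str) -> bool:
    """Simplified complexity rule: minimum length plus 3 of 4 character classes."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= MIN_LENGTH and sum(bool(re.search(c, pw)) for c in classes) >= 3

def _split_suffix(pw: str):
    """Split 'Summer2012!' into the word part 'Summer' and the tail '2012!'."""
    m = re.fullmatch(r"(.*?)([0-9\W_]*)", pw, flags=re.DOTALL)
    return m.group(1), m.group(2)

def weak_patterns(pw: str, username: str, previous: str = None) -> list:
    """Flag the predictable habits the report lists, regardless of complexity."""
    base, suffix = _split_suffix(pw)
    findings = []
    # Habit 1: the username reused as the password, with or without a tail.
    if username.lower() in (pw.lower(), base.lower()):
        findings.append("username_as_password")
    # Habit 2: same word as the previous password, only the tail changed.
    if previous is not None:
        prev_base, prev_suffix = _split_suffix(previous)
        if base and base.lower() == prev_base.lower() and suffix != prev_suffix:
            findings.append("incremental_change")
    # Habit 3: one capitalized word plus digits or punctuation on the end.
    if suffix and re.fullmatch(r"[A-Z][a-z]+", base):
        findings.append("capitalized_word_plus_suffix")
    return findings

def audit(pw: str, username: str, previous: str = None) -> dict:
    """Combine both checks so a compliant but predictable password stands out."""
    return {"complex": meets_complexity(pw),
            "weak": weak_patterns(pw, username, previous)}

if __name__ == "__main__":
    # Constructed sample accounts: (new password, username, previous password)
    samples = [("Password1", "jsmith", None),
               ("Jsmith2012!", "jsmith", None),
               ("Spring13", "akhan", "Spring12"),
               ("tR7#mq9Lzx", "akhan", "Spring12")]
    for pw, user, prev in samples:
        print(pw, audit(pw, user, prev))
```

Run at password-change time, a check like this rejects candidates that a character-class rule alone would accept.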
On the other hand, Trustwave noted many business users write down their passwords where they can be discovered—even on the computers.
Trustwave also warned in the report that keystroke logging software is relatively easy for hackers to deploy, and that social engineering techniques for getting employees to reveal how to access IT assets remain a big problem.
PC Mag said other key findings related to hacking incidents and intrusion investigations at companies researched by Trustwave include:


- Customer records remained a valuable target for attackers, making up 89 percent of breached data investigated. The food and beverage industry made up the highest percentage of investigations at nearly 44 percent.
- Industries with franchise models are the new cyber targets, with more than a third of 2011 investigations occurring in a franchise business.
- In 76 percent of incident response investigations, a third party responsible for system support, development and/or maintenance of business environments introduced the security deficiencies.
- Law enforcement detected more breaches in 2011, up from 7 percent in 2010 to 33 percent in 2011.
- Data harvesting techniques continued to target data "in transit" within victim environments, showing up in 62.5 percent of 2011 investigations.
- Anti-virus detected less than 12 percent of the targeted malware samples collected during 2011 investigations.
- For Web-based attacks, SQL injection remains the top attack method for the fourth year in a row.

— TJD, GMA News
