As the line between the offline and online worlds continues to blur, security experts indicate considerable thought should be given to what passwords are chosen. Yet, according to a new report, many organizations do not employ good techniques when it comes to choosing passwords.
Despite all the high-tech knowledge available today, hackers do not even have to try hard to gain entry to computer systems as many businesses are practically handing over their digital keys to exploiters.
According to CNN Money, security services firm Trustwave highlighted the simple and easy-to-guess password "Password1" in its "2012 Global Security Report."
This report considered 2 million network vulnerability scans and examined 300 recent security breach investigations in its assessment. Trustwave said the information they have compiled "highlights top data security risk areas," and offers predictions on future targets "based on analysis and perceived trends."
Last year, trends were geared towards targeting customer records, where exploiters put energy into obtaining identity and financial data. Trustwave noted in their summary that "companies across the globe are leaving themselves open to data security threats."
• "Password1" is the "most common password used by global businesses because it satisfies the default Microsoft Active Directory complexity setting." This simple password contains an upper-case letter, a number and at least nine characters, which makes it 'complex'.
• The food and beverage industry, for the second time, made up the highest percentage of investigations (at about 44 percent).
• Franchises are "the new cyber targets", making up over a third of 2011 investigations.
• Data harvesting techniques target "in-transit" data
highlighted some other findings by Trustwave, such as, "In 76 percent of incident response investigations, a third party responsible for system support, development and/or maintenance of business environments introduced the security deficiencies," and "Anti-virus detected less than 12 percent of the targeted malware samples collected during 2011 investigations." It was also noted that SQL injection remains a preferred method used by exploiters in web-based attacks.
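The "Password1" finding above, as an added example that is not from the Trustwave report or this article: a simplified composition rule (minimum length plus three of four character classes) accepts the password, while a denylist check on its normalized base word rejects it. The minimum length, the denylist entries and the sample passwords are constructed assumptions.

```python
import string

# Constructed sample denylist; a real deployment would load a large corpus
# of known-breached and commonly used passwords instead.
COMMON_BASE_WORDS = {"password", "welcome", "summer", "winter", "qwerty", "letmein", "admin"}

# Undo common character substitutions before comparing against the denylist.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "$": "s", "5": "s", "1": "l", "!": "i"})

def char_classes(pw):
    """Count how many of four character classes appear in the password."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])

def meets_composition_rule(pw, min_length=8, min_classes=3):
    """Simplified composition check: length plus N-of-4 character classes.
    min_length is an assumed policy value, not a figure from the report."""
    return len(pw) >= min_length and char_classes(pw) >= min_classes

def base_word(pw):
    """Strip the trailing digits/symbols users append, then undo substitutions."""
    core = pw.lower().rstrip(string.digits + string.punctuation)
    return core.translate(LEET)

def is_guessable(pw, denylist=COMMON_BASE_WORDS):
    """True when the normalized base word is a known common password."""
    return base_word(pw) in denylist

def evaluate(pw):
    """Return (passes_composition_rule, acceptable_after_denylist_check)."""
    passes = meets_composition_rule(pw)
    return passes, passes and not is_guessable(pw)

if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ["Password1", "P@ssw0rd!", "Welcome2012", "tR7#qLw9vXz2"]:
        print(candidate, evaluate(candidate))
```

A check of this kind runs at password-set time, so predictable choices are refused before they ever reach the directory.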
Other security issues
Trustwave also warned that even if more complex passwords are used, keystroke software is increasingly used to gain unauthorized access.
Despite the heightened awareness in recent years of both the seriousness and the costs of a data breach for all involved, it appears many companies are still not making the grade when it comes to employing strong security to protect data.
"It won't happen to me"
Despite attention being drawn to the issue, a sluggish attitude towards information security remains. If the trends outlined by both Trustwave and a survey ordered by Cisco are an indicator, there is still much work to be done.
The CNN article notes Verizon also came up with results comparable to Trustwave's in its 2012 Data Breach Investigations Report. One key point was that weak or guessable passwords were "the top method attackers used to gain access last year," playing a role in 29 percent of security breaches.
Many companies have not invested as much effort into security and/or business continuity efforts as into other processes such as marketing, sales and accounting. Often, the perceived reason is presumably that security doesn't rake in profits, or isn't seen as being as vital as the other divisions. Couple that with the fact that security is very expensive to maintain, and it's not hard to imagine why organizations may tend to focus less on this less lucrative area of conducting business.
According to a Jan. 2012 article published by Merchant Account Guide, a survey found many merchants still hold apathetic views towards security.
Perhaps this can be attributed to the attitude, not unlike that towards other types of disasters, that "it'll never happen here." However, the reality is that breaches and exploits happen, probably more frequently than we'd care to admit. Experts and researchers say intruders sometimes lurk in systems long before they're discovered.
Data breaches can and do happen. Some of the largest breaches ever occurred in 2011. And if companies cannot make strong efforts to create a secure password for their systems, but rather rely on "meeting the minimum," one can't help but wonder what else organizations aren't doing to protect customer data.