January 29, 2019 | SSS Security Consulting
2019 has had an eventful start with reports of a significant data breach. This includes a staggering number of email addresses, passwords, and other sensitive information.
The breach is reported to consist of multiple caches. These collections are estimated to contain over 1TB of data, including over 3 billion unique pairs of email addresses and passwords.
It is not clear exactly who has the data or how far back in time it goes, but you can check on “Have I Been Pwned” whether you have been affected.
What if I have been affected in a breach?
If you find that your email address for a particular site is included in a breach, change your password immediately (even if it is for an older breach). If you have been using the same password across multiple sites, then you will have to change it there too.
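As an added example (not code from SSS Security Consulting or from Have I Been Pwned), this shows how a password can be checked against a breach corpus without the password ever leaving the machine, using the k-anonymity range lookup that Have I Been Pwned's Pwned Passwords service offers: the client hashes the password with SHA-1 and sends only the first five hex characters of the digest, and the service answers with every known suffix in that range together with how often it was seen. The range response below is constructed so the block runs offline; only the first suffix is a real SHA-1 suffix (for the password "password"), the other suffixes and all counts are made up. The `live_fetch_range` function shows the real HTTP call for use online but is not exercised here.

```python
import hashlib
import urllib.request
from typing import Callable, Dict

# Constructed sample of a range response: each line is
# "<35 hex chars of SHA-1 suffix>:<number of times seen in breach data>".
# Only the first suffix is real (SHA-1 of "password" starts 5BAA6 1E4C9B93...);
# the remaining suffixes and every count are made up for this example.
CONSTRUCTED_RANGES: Dict[str, str] = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
        "00000000000000000000000000000000000:2\r\n"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:1\r\n"
    ),
}


def offline_fetch_range(prefix: str) -> str:
    """Stand-in for the network call: returns the constructed response for a prefix."""
    return CONSTRUCTED_RANGES.get(prefix.upper(), "")


def live_fetch_range(prefix: str) -> str:
    """Real lookup against the Pwned Passwords range API (not used by the offline demo).

    Only the 5-character prefix is sent; the service requires a User-Agent header.
    """
    url = f"https://api.pwnedpasswords.com/range/{prefix.upper()}"
    req = urllib.request.Request(url, headers={"User-Agent": "breach-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def parse_range(body: str) -> Dict[str, int]:
    """Parse a range response into {SUFFIX: count}, skipping malformed lines."""
    out: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        suffix, _, count = line.partition(":")
        suffix, count = suffix.strip().upper(), count.strip()
        # A valid suffix is the remaining 35 hex characters of a 40-char SHA-1 digest.
        if len(suffix) != 35 or not count.isdigit():
            continue
        out[suffix] = int(count)
    return out


def breach_count(password: str,
                 fetch_range: Callable[[str], str] = offline_fetch_range) -> int:
    """Return how often the password appears in the corpus (0 if not seen).

    The full hash is never transmitted: only digest[:5] goes to fetch_range,
    and the comparison against the returned suffixes happens locally.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    return parse_range(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        seen = breach_count(candidate)
        verdict = f"seen {seen} times, change it" if seen else "not in the sample corpus"
        print(f"{candidate!r}: {verdict}")
```

The `fetch_range` parameter is injected so the same check can be run against the constructed data in tests and against `live_fetch_range` in practice; a password that comes back with a non-zero count should be treated exactly as the text above says, and changed everywhere it was reused.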
Prevention is better than cure
The CERT NZ Quarterly reports highlight that these security breach risks are not going away and are continuing to affect individuals and organisations.
In Q3 of 2018 there was an increase in financial losses, costing companies and individuals nearly $3 million in New Zealand alone.
Implement CERT NZ’s critical controls 2019
1. Enforce multi-factor authentication (MFA)
2. Keep software patched
3. Disable unused services and protocols
4. Change default credentials
5. Implement and test backups
6. Implement application whitelisting
7. Enforce the principle of least privilege
8. Configure centralised logging and analysis
9. Implement network segmentation
10. Manage cloud authentication
Use an effective and secure password manager tool
It is frightening to think that despite all the publicity about security breaches, companies and individuals still often use weak passwords that can be easily guessed.
Last year we wrote about the SamSam Ransomware that uses a manual approach to target and compromise victims – often through weak, easily guessed passwords.
Customers tell us their staff often worry about forgetting passwords. They find themselves tempted to use the same passwords across systems, choose easy to guess passwords, or keep written notes in easily accessible places.
Password management tools are a solution to this problem. They make it easy to generate stronger passwords, and only require staff to remember a single password - the password to the management tool.
Thycotic's password management product Secret Server provides this functionality, as well as making it easy to see what systems staff have access to. This allows administrators to ensure that departing staff have their access removed or modified appropriately.
Education is one of your most important defences
With an ever-changing threat landscape, training your staff to recognise and appropriately respond to threats such as phishing has become increasingly important.
Phishing emails are getting more sophisticated. Staff still frequently respond to legitimate-looking emails and accidentally compromise company systems. In October 2018 CERT NZ shared information on a phishing and malware campaign where emails were branded to look like invoice notifications from common accounting software.
Last year, Damian Grace from Phriendly Phishing shared information on implementing a successful security awareness programme. During this webinar he showed how quickly a company’s systems can be accessed and what you can do to achieve a successful security awareness culture.
Not sure where to start?
For organisations that are just starting to look at how they can improve their cyber security resilience, a risk assessment is a sensible first step.
Our security consultants can help. We assist with triaging issues, identifying root causes, and guidance on remediation. Contact firstname.lastname@example.org or 04 917 6670 for further information.