Reading the coverage of the recent breach of Adobe passwords, we learned that 1.9 million users used "123456" as their password. That's right: out of 38 million cracked passwords, almost two million adults used passwords more suited to five-year-olds.
Some of these people are corporate users--are they working at your company? Using Adobe products on machines attached to your corporate network?
Describing security is like describing a horror movie--literally. Some people process film-horror as actual horror, it scares them, you can't even talk about it. You say "The ghost emerges from the..." and they stick their fingers in their ears.
I don't want to horrify you, but a "rainbow table" is a cyberthreat you should know about, if only because it will motivate you to create strong, unique passwords every time a password is needed. It's a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. In other words, a powerful tool the bad guys use to break into your accounts and steal your data.
Needless to say, cybercriminals don't need precomputed tables to crack "123456." Why waste time, when users make it so easy? And there are worse things out there--much worse.
Harden. Your. Weak. Points.
Security means more than "a firewall." It means educating your employees--and ensuring that the corporate network is protected from a security threat you may not see coming: the Disgruntled Employee. According to Reuters, Edward Snowden persuaded his NSA colleagues to hand over passwords which he later used to download top secret material and leak it to the press. Sources said he told other staff he needed the information to carry out his job as a computer systems administrator.
Security is never "one-size-fits-all" and many enterprises now have a board-level CSO or CISO to oversee security policy. If your firm doesn't have one, maybe now's the time to think about budgeting for that position. And yes, you need a managed service (or device supported 24/7) to monitor and block malicious traffic up to the application layer.
Let's ditch the infantilism of "123456" and take a look at some more evolved security strategies.
"With the increasing popularity of virtualization and cloud technologies," said APAC security specialist manager Andy Leung of Juniper Networks, "enterprises are using cloud-based applications and services, or moving some of their infrastructure to datacenters." Leung also said that BYOD is becoming part of standard business operations.
"Cybercriminals always look to exploit new vulnerabilities associated with the emergence and rapid growth of new technologies," said Linda Hui, managing director, Hong Kong and Taiwan, F5 Networks. "It's all been about apps, mobile, public cloud and big data in 2013 and this is where the new cyberthreats to enterprise security originate."
Sign up for CIO Asia eNewsletters.