Cybersecurity experts from OpenText shed light on the evolving threat landscape and advocate for a layered approach to password security, while also discussing the implications of new IoT legislation in the UK.
Tyler Moffitt, Sr. Security Analyst, OpenText Cybersecurity
Over the years, we've observed a significant shift in how cybercriminals exploit password vulnerabilities. Initially dominated by brute force attacks, which rely on computational power to guess passwords, the landscape has shifted towards more sophisticated methods. However, it's important to note that brute force attacks remain relevant due to advancements in technology. The increase in GPU power has made these types of attacks more feasible, allowing cybercriminals to crack passwords faster than ever before. This persistence, along with a rise in phishing attacks and credential stuffing, where attackers exploit poor password hygiene and use previously breached data to access new systems, highlights the need for robust password policies and advanced security measures.
To combat the sophistication of these threats, it's vital to adopt a layered security approach:
Strengthen Password Policies: Implement policies that require longer, complex passwords that are difficult to guess or crack.
Promote the Use of Password Managers: Encourage users to adopt password managers to generate and store unique, robust passwords for every account.
Expand Multi-Factor Authentication (MFA) Adoption: Push for broader use of robust MFA techniques, particularly those that employ physical or biometric factors, which provide higher security than knowledge-based factors. Hardware tokens or biometric verification are far superior to SMS or email-based verification, which remain susceptible to interception and manipulation techniques like SIM swapping.
Educate and Train Users: Regularly educate users about the importance of password security and the latest phishing tactics, to reduce the risk of social engineering attacks.
Matt Aldridge, Principal Solutions Consultant, OpenText Cybersecurity
For many years now, it has been clear that the convenience gained through the Internet of Things (IoT) was going to come back and bite us, and indeed it has, with so many routers, webcams, etc. being turned into “zombies” on criminal botnets, and then hired out to take down target websites for profit, among other criminal activities. These devices are often sold at very low profit margins, but in high volumes, and adequate care is not given to their security by such manufacturers.
It is fantastic to see the UK pioneering new legislation to help crack down on the myriad cybersecurity issues caused by IoT devices, and this can only make homes and small businesses more secure, while creating greater challenges for the criminals exploiting them. It’s also great to see that the government is in line with the industry on promoting cyber hygiene; it’s crucial that we remain vigilant and proactive in securing our digital footprints.
Although we may see the cheapest devices on the market go away or become more expensive as a result of this legislation, this is an unavoidable consequence of demanding a baseline of security from manufacturers, and the security benefits significantly justify these changes.