In today’s rapidly shifting risk landscape, IT security professionals have to do more than just build up a wall of defensive solutions in the hopes that it will be sufficient to ward off a cyber attack.
They also have to face the possibility that a cyber attack might be unavoidable and figure out how to keep that from shutting down their organisation. That’s why an essential part of any cyber security strategy is building cyber resilience.
What is cyber resilience?
Cyber resilience is the ability of organisations to stay agile if they become the victim of a cyber attack. Weaving it into your cyber security strategy gives you an edge when you need to act fast.
By making smart choices when selecting defensive solutions, you don’t just gain protection against cyber attacks – you also gain valuable tools that empower your business to pivot as needed to minimise business disruption in the event of a successful cyber attack.
Why does it matter to my business?
Think about what might happen to your business during a successful cyber attack:
Would your operations grind to a halt?
How much money would you lose from the resulting downtime?
Today’s cyber attacks are more complex and more dangerous than ever before. Cyber security experts are innovating all the time, but so are the criminals – and they are just as motivated to damage your business as you are to defend it.
By building cyber resilience, organisations can ensure that they are agile and ready to act fast, deploying smart tools that maximise their defensive resources in case of trouble.
How can I boost my company’s cyber resilience?
A cyber resilient organisation has a variety of tools at its fingertips that can minimise business disruption in the event of a cyber attack. Build your cyber resilience by adding solutions with features that enable you to act fast in order to segment, block and stop damage. These solutions would include:
Email Security Gateway
DNS Security
Security Awareness Training
Simulated Phishing
Advanced Endpoint Protection
Mobile Threat Defence
Vulnerability and Patch Management
24/7/365 Device Monitoring
Firewall Management
Technical Reviews
Privileged Access Management
Email Encryption
User Admin Privilege
Cloud Access Security Broker
Data Analysts
Network & Log Security Monitoring
Office365 Monitoring
Back Up and Disaster Recovery
In conclusion
Technical defensive tools alone aren’t enough to protect a business anymore. That’s why embracing cyber resilience is crucial if companies want to truly protect themselves against cyber crime. Cyber resilient organisations combine strong security solutions with active, people-based defences for flexibility of response during a cyber attack.
Need Help?
Save time, money and resource with our cost-effective managed cyber security services designed to keep your users safe, protect your core infrastructure, enhance your security and mitigate risk. By utilising our expertise and experience you’re leveraging an enhanced team who are constantly trained and certified in all specialist areas.
We work alongside industry-leading vendor partners and invest the time and resources, so you don’t have to.
A combination of bad employee behaviour and dark web data spells trouble for businesses! From SMBs to giant multinationals, it doesn’t matter how high-flying a company is, unfortunately password problems will still plague them.
The struggle to get users to make good, strong, unique passwords and keep them secret is real for all organisations and IT professionals. It can be hard to demonstrate to users just how dangerous their bad password can be to the entire company, even though an estimated 60% of data breaches involved the improper use of credentials in 2020. There’s no rhyme or reason to why employees create and handle passwords unsafely, no profile that IT teams can quickly look at to determine that someone might be an accidental credential compromise risk. Employees of every stripe are unfortunately drawn to making awful passwords and playing fast and loose with them – and that weakness doesn’t look like it’s going away anytime soon.
Everyone is managing too many passwords
The average adult has an estimated 100 passwords floating around that they’re using. That’s a bewildering tangle of passwords to manage. The global pandemic helped put even more passwords into circulation as people either working from home or on furlough created an abundance of new online accounts. According to the conclusions of a global study conducted by Morning Consult for IBM, people worldwide created an average of 15 new online accounts, per person, during the main thrust of the pandemic.
Many of those logins were compromised from the start thanks to abundant dark web data. An estimated 15 billion unique logins are circulating on the dark web right now. In 2020 alone, security professionals had to contend with a 429% increase in the number of corporate login details with plaintext passwords exposed on the dark web. That dramatic increase in risk per user comes back to haunt businesses. The average organisation is now likely to have about 17 sets of login details available on the dark web for malicious actors to enjoy. That number is only going to continue to grow thanks to events like this year’s giant influx of fresh passwords from the RockYou 2021 leak.
Employees are dedicated to making bad passwords
Research by the UK’s National Cyber Security Centre (NCSC) shows that employees will choose memorability over security when making a password every time. Their analysts found that 15% of people have used their pet’s name as their password at some point, 14% have used the name of a family member, 13% have used a significant date, such as a birthday or anniversary, and another 6% have used information about their favourite sports team as their password. That makes the criminals’ jobs easy even if they’re trying to directly crack a single password. After all, those users have probably told them everything that they’d need to know to do the job in their social media profiles.
US companies aren’t any better off. In fact, their bad password problems are just a little bit worse. 59% of Americans use a person’s name or family birthday in their passwords, 33% include a pet’s name and 22% use their own name. We can’t chalk that blizzard of bad passwords up to ignorance of good password habits, because even employees who know better are slacking on password safety. Over 90% of participants in a password habits survey understood the risk of poor password hygiene, but 59% admitted to still engaging in unsafe password behaviours at work anyway.
Password sharing is rampant
Worse yet, employees are also sharing their passwords with other people at an alarming rate, even if the people they’re sharing a password with don’t work at the same company. Over 30% of respondents in a Microsoft study admitted that their organisation had experienced a cyber security incident as a result of compromised user credentials that had been shared with people outside their companies.
43% of survey respondents have shared their password with someone in their home
22% of employees surveyed have shared their email password for a streaming site
17% of employees surveyed have shared their email password for a social media platform
17% of employees surveyed have shared their email password for an online shopping account
Based on analysis of the top 250 passwords found through Dark Web ID’s dark web search function, which uncovers exposed credentials, the following categories of information were used to generate the weakest passwords in 2020: Names, Sports, Food, Places, Animals and Famous People/Characters.
The most common passwords spotted by Dark Web ID by category
Every organisation in every industry is in password trouble
No industry is immune to the powerful lure of terrible password habits, especially that perpetual favourite, password recycling and iteration. In a study of password proclivities, researchers determined that some sectors did have a little more trouble with passwords than others, though. The telecommunications sector had the highest average number of leaked employee credentials at 552,601 per company. The media industry had the highest password reuse rates at 85%, followed by household products (82%), hotels, restaurants & leisure (80%), and healthcare (79%).
A trove of exposed data about Fortune 1000 companies on the dark web was uncovered by researchers earlier this year, including passwords for 25.9 million Fortune 1000 corporate user accounts. Digging deeper, they also unearthed an estimated 543 million employee credentials from Fortune 1000 companies circulating on commonly used underground hacking forums, a 29% increase from 2020. Altogether, they were able to determine that 25,927,476 passwords that belong to employees at Fortune 1000 companies are hanging out on the dark web. That’s an estimated 25,927 exposed passwords per Fortune 1000 company, marking a 12% increase in password leaks from 2020.
Busted credentials are plentiful on the dark web
If data is a currency on the dark web, then credentials are solid gold. Credentials were the top type of information stolen in data breaches worldwide in 2020 (personal information took second place, just over financial data in third), and bad actors didn’t hesitate to grab batches of credentials from all over the world. Cyber criminals snatched them up in about 60% of North American breaches, 90% of APAC region breaches and 70% of EMEA breaches. Researchers disclosed that the average company experiences 5.3 credential compromises that originate from a common source like phishing every year, a number that should give every IT professional chills.
An abundance of records on the dark web has spawned an abundance of passwords for cyber criminals to harvest, and that’s bad news. Giant password dumps on the dark web like the 100GB text file dubbed RockYou2021 have ratcheted up risk too. That giant dump of data is estimated to contain 8.4 billion passwords. Bad actors make use of that bounty quickly and effectively.
In the aftermath of an enormous 2020 hack, ShinyHunters breached the security of ten companies in the Asian region and brought more than 73 million user records to market on the dark web. A group like ShinyHunters will of course try to profit by selling that stolen data at first, but when the data has aged or there are no interested buyers, cyber criminals will just offload it in the vast data dumps of the dark web, making it available for anyone to sift through.
Protect your business from password danger quickly & affordably
With our support we can discover if any of your employees’ reused passwords have been exposed on the dark web so that you can change them right away.
What next?
By utilising our certified dark web monitoring tool we’ll perform a non-invasive scan of your company’s domain and produce a PDF report that will highlight any compromised credentials.
Last week I read this blog titled 3 Big Facts About Cybersecurity In 2020 To Remember For 2021 which talks about phishing, ransomware and The Dark Web. Whilst I agree with these 3 threats, it’s important to remember that a layered security approach for any organisation is key to the sustainability of growth and development. Yes, last year saw a rise of the distributed workforce, the fast adoption to the cloud and a massive increase in COVID related scams, which are still being executed by cyber criminals, thus making your company and all your employees more susceptible and an easy target especially when security most certainly was not and is not top of mind.
For many the need for business continuity and getting up and running as soon as possible those few days before lockdown announcement number 1 massively outweighed concerns over networking and security. And why wouldn’t it! However now we face being in lockdown number 3, with no real idea of when we will be normal again or what normal might look like and still you’ve not addressed those ‘pesky’ security concerns.
So, following on from the blog mentioned above, here are 3 key takeaways so you can start to take your cyber security back into your own hands. Remember, cyber security is companywide and not just an IT issue.
1. Phishing Rules the Roost
Most of today’s nastiest threats have a common denominator: phishing. More than 80% of all cyber attacks are phishing based. That means that an essential part of keeping your business safe from cyber crime is keeping your business safe from phishing. Phishing attacks skyrocketed by over 600% in 2020, and that’s not going to go away.
How to mitigate the risk?
People are a critical layer within your cyber security posture and with greater reliance on email communication, the dangers of phishing are even more apparent for businesses, especially in the form of ransomware.
Committing your company to Security Awareness Training in this ever-changing world will help protect against the growing and varying threats organisations face today. Don’t let those criminals leap to the golden opportunity that increased email usage creates for them to launch phishing attacks – and they’re branching out with more attempts through voice, text, messaging, and SMS.
2. Ransomware is Here to Stay
Ransomware was the most devastating and disruptive single threat type in 2020, and that looks set to keep going through 2021. More than 50% of businesses were impacted by ransomware in 2020. It’s become a favoured tool of hackers from sophisticated nation-state groups to cyber criminal gangs on The Dark Web. Experts estimate that a ransomware attack will take place every 11 seconds in 2021.
Cyber criminals aren’t just using ransomware to steal data anymore. In 2020 there’s been a trend towards ransomware being used to disrupt operations at businesses, manufacturers, essential services, infrastructure targets, and hospitals plus many organisations in other sectors worldwide. Just before the COVID-19 vaccine news started rolling in, cyber criminals were deploying ransomware against hospitals, pharmaceutical developers, laboratories, even cold storage trucking companies. They weren’t trying to steal data, they were trying to disrupt operations at critically needed organisations in order to score a big, quick payday, and they were successful in many cases.
How to mitigate the risk?
Don’t click links in emails
Scan emails for malware
Firewall and endpoint protection
Keep regular data backups
Protect your information
3. Dark Web Danger is Real and Growing
The Dark Web is a complicated place, and just like everything else in the world, the chaotic nature of events in 2020 impacted the way it operates too. It hasn’t stopped growing – Dark Web activity has increased by more than 300% in the last 3 years. While it hasn’t been as much of a newsmaker as flashier things like nation-state hacking, make no mistake – it’s still an enormous threat to all businesses, and that threat is only growing larger with time.
The proliferation of information gathered in data breaches, especially in last year’s record-breaking year, provides ample fuel for cyber crime like credential stuffing and spear phishing. An article published on the 3rd February 2021 states more than 3 billion unique pairs of cleartext emails and passwords were leaked online from previous data leaks.
The growth of the cybercrime-as-a-service sector of the Dark Web economy also puts companies squarely in the crosshairs of bad actors. Plus, in a challenging economy, even cyber criminals are feeling the pinch and looking for new ways to rake in cash.
How to mitigate the risk?
Dark Web monitoring solutions are a security essential because they provide your company with something incredibly precious: time. By having your business credentials monitored 24/7/365 with our expert human and machine-powered analysis, you’re making it possible for you to find out if you’ve been a victim of credential compromise fast, which gives your IT team time to address vulnerabilities before the bad guys even find them.
No Company Can Afford A Cyber Security Nightmare.
Let NetUtils help you add strong cyber security protection at a price that won’t keep you up at night. To get you started we’d like to offer you a complimentary Dark Web scan and we’ll show you how our solutions can help you secure yours and your clients’ systems and data against today’s (and tomorrow’s) biggest threats fast.