Our cyber blog ‘Xcina on Security’ encourages teams to engage in essential cybersecurity discussions and prepare for rising threats. Peter Lane, our Information Security Consultant writes on news, providing commentary covering a range of cyber security-related issues making the headlines.
Background
Many organisations now promote the use of strong passwords and, where possible, configure their systems to enforce complexity rules that prevent users from choosing passwords that can be guessed easily.
User passwords remain among the most commonly exploited vulnerabilities.
An Uber external contractor had their password compromised in September 2022, resulting in internal and privileged systems being accessed. Previous years have seen similar large-scale breaches attributed to weak passwords, including at Microsoft, SolarWinds and Ticketmaster. Organisations are now opting to invest in password managers or Multi-Factor Authentication (MFA), which provide an increased level of protection, although no single strategy is failsafe against attacks, as the recent Microsoft and Uber cases show.
Did you know how long it takes an attacker to brute force your password in 2022?
*Source: Hive Systems, "Are Your Passwords in the Green?" (hivesystems.io)
In its annual survey and ebook, Psychology of Passwords 2022, LastPass reports findings based on 3,750 respondents, including:
- … of respondents always or mostly use the same password or a variation
- … changed their password after they were informed a data breach had occurred
- … stopped reusing passwords after receiving
What Needs To Be Done?
Investment in employee awareness and training is vital, as is enforcement of strong password policies and being wary of, and reporting, any unusual behaviour such as unsolicited MFA sign-in requests.
Xcina Consulting, The National Cyber Security Centre (NCSC) and the UK Cyber Security Council advise:
- Passwords MUST be a minimum of 12 characters
- Passwords MUST contain a mixture of ‘upper’ and ‘lower’ case letters
- Passwords MUST include special characters (such as !=£@)
- Users to change passwords on first use
- Users to change passwords every 90 days
- Ensure users cannot reuse any of their last FOUR passwords
- If possible, employ Multi-Factor Authentication (MFA)
This will also meet the requirements of various standards (PCI DSS, ISO 27001, Cyber Essentials, NIST etc.).
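The rules above can be enforced mechanically at password-change time. The following is an added example, not code from Xcina, the NCSC or the UK Cyber Security Council: it checks a candidate password against the stated length, case and special-character rules, rejects reuse of any of the last four passwords by comparing salted hashes rather than plaintext, and flags when the 90-day rotation is due. The hashing parameters (PBKDF2-SHA256, 16-byte salt, 100,000 iterations) are assumptions for the example; the history list is assumed to hold (salt, digest) pairs oldest-first.

```python
import hashlib
import hmac
import os
import re
from datetime import date, timedelta

# Policy values are the ones stated in the advice above.
MIN_LENGTH = 12
HISTORY_DEPTH = 4          # cannot reuse any of the last four passwords
MAX_AGE_DAYS = 90          # forced rotation interval
SPECIAL = re.compile(r"[^A-Za-z0-9]")   # anything non-alphanumeric counts as special

def hash_password(password: str, salt: bytes = b"") -> tuple[bytes, bytes]:
    """Salted PBKDF2-SHA256 (assumed parameters) so history never stores plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def check_complexity(password: str) -> list[str]:
    """Return the policy rules the candidate password violates (empty = compliant)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        failures.append("no upper-case letter")
    if not any(c.islower() for c in password):
        failures.append("no lower-case letter")
    if not SPECIAL.search(password):
        failures.append("no special character")
    return failures

def is_reused(password: str, history: list[tuple[bytes, bytes]]) -> bool:
    """True if the candidate matches any of the last HISTORY_DEPTH stored hashes."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):   # constant-time comparison
            return True
    return False

def rotation_due(last_changed: date, today: date) -> bool:
    """True once the current password is MAX_AGE_DAYS old."""
    return today - last_changed >= timedelta(days=MAX_AGE_DAYS)

def validate_change(password: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """Checks run when a user sets a new password; history holds (salt, digest) pairs."""
    failures = check_complexity(password)
    if is_reused(password, history):
        failures.append(f"matches one of the last {HISTORY_DEPTH} passwords")
    return failures
```

A password older than four changes is outside the reuse window, so `is_reused` deliberately ignores it; widen `HISTORY_DEPTH` if a standard you follow requires more.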
For more information on how we may help you, contact info@xcinaconsulting.com.
What does the future hold for Data Protection in the UK?
Xcina Consulting are hosting a seminar on Thursday 1 December. We will take stock of where organisations are on their data protection journey and discuss recent privacy developments, taking into account the UK government’s proposed post-Brexit reforms. Meet with Glen Hymers, from the UK Government Cabinet Office and a panel of Data Protection and Privacy Officers including:
- Glen Hymers, Cabinet Office