More than ever, businesses need to focus on cybersecurity to protect their assets. While many organizations are still experimenting with their options, some companies have created new roles and positions to take on this important task.
For instance, a chief information security officer, or CISO, works to protect a company’s information assets and technology against cyberattacks, including privacy threats. As you can imagine, a CISO’s job is not easy – especially since the greatest risk to a business’s cyber defense comes from inside the organization itself.
That’s right! Research shows that nearly 80 percent of information breaches are caused by employee negligence. Causes such as weak password practices are rooted in a poor understanding of cybersecurity.
Of course, it’s not just the business’s security that is being put in harm’s way. Employees, too, are vulnerable to information theft. Thus a CISO’s job is both to protect the organization’s information from employee negligence and to protect employees from themselves.
Pass the (Credential) Stuffing
While there are a plethora of digital attacks CISOs should be aware of, the one we will focus on today is account takeover.
High-volume account takeover is achieved through “credential stuffing”, a large-scale attack that tests a list of stolen credentials (username and password pairs) across the web to gain access to any and every account possible. Unlike brute-force guessing, it replays pairs that are already known to be valid somewhere, betting that the victim reused them elsewhere. These attacks are always automated because it’s simply not possible to individually test millions of credentials any other way.
Do you use the same login and password for your work email and banking? Boom, hacker controlled. Do you use the same sign-in information for your instant messenger and cloud storage? Well now cyber crooks own those too. In fact, 55 percent of adult internet users use the same password for everything!
Not to mention that those passwords aren’t even very clever, at least not for a computer. Brute-force attacks can easily crack passwords by systematically checking all possible passphrases until something finally clicks. In short, your ‘Ca1ifornia16!!’ password isn’t fooling anybody.
Savvy hackers know that passwords are the first – and often only – line of defense for many users. Once an account is taken over, cybercriminals can make money in a number of ways, ranging from stealing loyalty points and personal information to making fraudulent purchases.
Today’s CISO not only has to protect their infrastructure, but also protect their customers from themselves.
Stopping the Stuffers
Here are a few strategies CISOs and employees can implement to prevent account takeover in their organizations.
IP Blacklisting: Every web request shows the originating IP address of the user. One longstanding method of stopping automated attacks is to identify the IP address of a “user” attempting too many logins, whether it’s trying many passwords on one user account or many different user ID/password combinations. This approach can be problematic because attackers often use botnets (legitimate devices that have been hijacked) to spread the attempts across thousands of addresses, so that no single IP exceeds the limit; for the same reason, tracking failures per account (across all source IPs) is a useful complement to per-IP limits.
Two-Step Authentication: Two-step authentication has become more popular in recent years. Services will often require a second device to access an account. Examples include a confirmation text message sent to the user’s phone or a key fob needed to gain access. While a little annoying for the end user, it thwarts attackers pretty well, since they will need access to the secondary (often physical) device to do their dirty work.
Education: The simplest solution of all is to educate your employees about the threat of digital intrusion, the risks to their financial and personal information, and best practices to avoid a data breach. Encourage employees to use better passwords and to report any suspicious activity to IT. Lastly, CISOs should remind other executives to lead by example.
Off-the-Shelf Security Solutions: Another approach growing in popularity is to simply offload securing your web application to a security service provider. They use advanced defenses, usually based on large datasets of user behavior, with dedicated 24×7 coverage. These vendors are effective because they see and block attacks long before a company has any idea it is under attack.
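As an added example (not code from the original article), the Python script below applies the IP-based detection described under "IP Blacklisting" to a constructed login log, flagging the two patterns the text names (many passwords against one account, many user/password combinations from one IP) and adding the per-account view that catches the botnet case; the log format, thresholds and window size are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (not from any real system): one IP cycling through many
# accounts, one IP hammering a single account, and one account hit from several IPs.
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:02 FAIL user=bob ip=203.0.113.7
2024-05-01T10:00:03 FAIL user=carol ip=203.0.113.7
2024-05-01T10:00:04 FAIL user=dave ip=203.0.113.7
2024-05-01T10:00:10 FAIL user=frank ip=198.51.100.2
2024-05-01T10:00:11 FAIL user=frank ip=198.51.100.2
2024-05-01T10:00:12 FAIL user=frank ip=198.51.100.2
2024-05-01T10:00:13 FAIL user=frank ip=198.51.100.2
2024-05-01T10:00:20 FAIL user=grace ip=192.0.2.1
2024-05-01T10:00:21 FAIL user=grace ip=192.0.2.2
2024-05-01T10:00:22 FAIL user=grace ip=192.0.2.3
2024-05-01T10:00:23 FAIL user=grace ip=192.0.2.4
2024-05-01T10:05:00 FAIL user=alice ip=203.0.113.9
"""
LINE_RE = re.compile(r"^(\S+) (FAIL|OK)\s+user=(\S+) ip=(\S+)$")

def parse(log_text):
    """Yield (timestamp, outcome, user, ip) for well-formed lines; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)

def detect(log_text, window=timedelta(minutes=1), threshold=4):
    """Return {key: label} for IPs and accounts whose failures inside a sliding window reach threshold."""
    by_ip, by_user, alerts = defaultdict(deque), defaultdict(deque), {}
    for ts, outcome, user, ip in sorted(parse(log_text)):
        if outcome != "FAIL":
            continue
        for dq, val in ((by_ip[ip], user), (by_user[user], ip)):
            dq.append((ts, val))
            while ts - dq[0][0] > window:      # expire failures outside the window
                dq.popleft()
        if len(by_ip[ip]) >= threshold:
            # many distinct accounts from one IP = stuffing; one account = guessing
            distinct_users = len({u for _, u in by_ip[ip]})
            alerts[f"ip:{ip}"] = ("credential_stuffing" if distinct_users >= threshold
                                  else "password_guessing")
        if len({i for _, i in by_user[user]}) >= threshold:
            alerts[f"user:{user}"] = "distributed_guessing"   # per-IP limits miss this
    return alerts
```

Running `detect(SAMPLE_LOG)` flags the first IP as credential stuffing, the second as password guessing, and the account `grace` as a distributed attempt that no single-IP rule would catch.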
While cyber threats will continue to evolve, so will the solutions to stop them. CISOs are at the forefront of this movement.