Data Breach Of Department Of Veterans Affairs

Hackers aren't picky when it comes to target selection, and no one is safe.

Unfortunately, that includes the Department of Veterans Affairs, which recently disclosed that a hacker successfully breached their system and made off with personal information belonging to more than 46,000 veterans served by the department.

According to the official data breach Myrtle Beach SC notification, the hackers utilized social engineering techniques and exploited the authentication protocol to gain access to the VA's Financial Services Center App (FSC). From there, they began to divert VA payments intended to go to healthcare providers for medical treatment. In addition to that, a spokesman for the VA says that there is evidence that the personal information contained in the veterans' patient records was compromised.

 

 

A press release on the subject reads in part, as follows:

"To protect these Veterans, the FSC is alerting the affected individuals, including the next-of-kin of those who are deceased, of the potential risk to their personal information. The department is also offering access to credit monitoring services, at no cost, to those whose social security numbers may have been compromised."

Unfortunately, this is not the first time the VA has been breached. The first incident actually occurred in 2006 when an unknown party stole a laptop and an external hard drive which contained personal information belonging to more than 26 million veterans. By comparison, this is a very small-scale attack, although that's small consolation to those who have had their personal information compromised.

In any case, if you haven't been contacted by the Department of Veterans Affairs, it's safe to assume you're not among the affected. Even so, out of an abundance of caution, it's a good idea to keep a watchful eye out for phishing type attacks aimed at getting more information from you. Monitor your credit report for accounts opened in your name.

Call SpartanTec, Inc. now and protect your business from potential data breach.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Used with permission from Article Aggregator

If 123456 Is Your Password, Change It Immediately

You probably aren't familiar with the name Ata Hakcil. He's a computer engineering student who recently conducted one of the largest password security surveys currently available.

To conduct his research, he collected a number of username and password "data dumps" from the Dark Web and analyzed the passwords he found there. Hakcil was able to analyze a massive collection of more than a billion passwords, looking for trends and commonalities.

IT Security Myrtle Beach SC Professionals have long known that password security is an area of persistent weakness that leaves companies of all shapes and sizes exposed. Hakcil was able to measure and assess just how bad that problem is. What he found was depressing.

The most commonly used password in the collection he analyzed was simply '123456,' which appeared in his dataset more than seven million times. It is the most widely used password in the world. Put another way, a staggering 1 person in 142 was found to have used that simple password. As you might suspect, that is laughably easy for a hacker to guess using the simplest of techniques.

In addition to that, Hakcil discovered that the average password length is 9.48 characters, which isn't great. Given the password referenced above, is better than you might have guessed.

Other relevant and intriguing statistics culled from this study include things like:

• Only 12 percent of passwords include a special character
• 29 percent of the passwords reviewed used alphabet characters only
• 13 percent used numbers only
• Given the above, fully 42 percent of all the passwords in the dataset were vulnerable to quick "dictionary style" attacks that would allow a hacker to gain access with minimal effort.
• The most common 1000 passwords unearthed by this research accounted for 6.607 percent of the total, which gives hackers a long list of low hanging fruit to work with.
• With the most common 1 million passwords, the hit rate is 36.28 percent. With the most common 10 million passwords, the hit rate is 54 percent. This makes most networks incredibly easy to breach.

If you're wondering why we keep reading about so many high profile data breaches month after month, the results of this research go a long way toward explaining it, and that's unfortunate.

Call SpartanTec, Inc. now and let our team of IT professionals make sure that your computer and network are secured and protected against possible online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Sophos Launches Managed Threat Response Service

Managed Threat Response

On July 14, learn about how MTR backs your organization with an elite team of threat hunters and response experts who take targeted actions on your behalf to neutralize even the most sophisticated threats.

July 14th  2:00 EST
Register Here

 

New Threat Hunting, Detection and Response Offering Powered by Machine Learning and Expert Analysis to Neutralize the Most Advanced Cybersecurity Threats

Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced the availability of Sophos Managed Threat Response (MTR), a fully managed threat hunting, detection and response service. The re-sellable service provides organizations with a dedicated 24/7 security team to neutralize the most sophisticated and complex threats.

These types of threats include active attackers leveraging fileless attacks and administrator tools such as PowerShell to escalate privileges, exfiltrate data and spread laterally, as explained in the SophosLabs Uncut article on Lemon_Duck PowerShell malware. Attacks like these are difficult to detect since they involve an active adversary using legitimate tools for nefarious purposes, and Sophos MTR helps eliminate this threat.

“Cybercriminals are adapting their methods and increasingly launching hybrid attacks that combine automation with interactive human ingenuity to more effectively evade detection. Once they gain a foothold, they’ll employ ‘living off the land’ techniques and other deceptive methods requiring human interaction to discover and disrupt their attacks,” said Joe Levy, chief technology officer at Sophos. “For the most part, other MDR services simply notify customers of potential threats and then leave it up to them to manage things from there. Sophos MTR not only augments internal teams with additional threat intelligence, unparalleled product expertise, and around-the-clock coverage, but also gives customers the option of having a highly trained team of response experts take targeted actions on their behalf to neutralize even the most sophisticated threats.”

Built on Intercept X Advanced with endpoint detection and response (EDR), Sophos MTR fuses machine learning with expert analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate threats. These innovative capabilities are based on Sophos’ acquisitions of Rook Security and DarkBytes technology, and include:

• Expert-led threat hunting: Sophos MTR anticipates attacker behavior and identifies new indicators of attack and compromise. Sophos threat hunters proactively hunt for and validate potential threats and incidents, and investigate casual and adjacent events to discover new threats that previously couldn’t be detected
• Advanced adversarial detection: Sophos MTR uses proven investigation techniques to differentiate legitimate behavior from the tactics, techniques and procedures (TTPs) used by attackers. Coupled with enhanced telemetry from Sophos Central, which provides a detailed, full picture of adversary activities as part of the service, the scope and severity of threats can be determined for rapid response
• Machine-accelerated human response: A highly trained team of world-class experts generates and applies threat intelligence to confirm threats, and takes action to remotely disrupt, contain and neutralize threats with speed and precision
• Asset discovery and prescriptive security health guidance: Sophos MTR provides valuable insights into managed and unmanaged assets, vulnerabilities for better informed impact assessments and threat hunts. Prescriptive and actionable guidance for addressing configuration and architecture weaknesses enables organizations to proactively improve their security posture with hardened defenses

Sophos MTR is customizable with different service tiers and response modes to meet the unique and evolving needs of organizations of all sizes and maturity levels. Unlike many MDR services that focus on monitoring and threat notification, Sophos MTR rapidly escalates and takes action against threats based on an organization’s preferences.

Sophos MTR is now available from registered Sophos Partners worldwide. Read more on Sophos News, and visit Sophos.com for additional information.

What our partners and industry analysts say:
“Enterprises are facing sophisticated attacks from every direction, and it’s absolutely critical that they can not only detect threats, but also respond to them quickly,” said Aaron Sherrill, information security senior analyst at 451 Research. “Many vendors claim to offer response capabilities, but in reality, few take the actions needed to eliminate threats as part of their core managed detection and response (MDR) offerings. Sophos MTR combines Sophos’ consistently top-rated endpoint protection with human expertise and troves of threat intelligence collected from SophosLabs to create an entirely new offering that meets a mounting market need.”

“The only way to protect against today’s advanced threats is to combine the best tools with the brightest human minds,” said Jeremy Weiss, cybersecurity practice lead at CDW. “Sophos Managed Threat Response is a game changer, combining machine learning with human analysis for an evolved approach to proactive security protection. The customizable offering strengthens our existing threat hunting capabilities and helps us better protect our customers.”

“Cybercrime doesn’t sleep – it’s always ‘on’ – and organizations need around-the-clock protection,” said Ken Hamilton, president and CEO at Total Tech International Inc. “With Sophos Managed Threat Response, Total Tech customers can rest assured that they’re covered even during the second and third shifts that are notoriously difficult to staff. Security health recommendations deliver additional tremendous value, empowering us to take immediate action on improving security defenses.”

Call SpartanTec, Inc. and let our team of computer security experts help set up the most effective measures to protect you against common and advanced cybersecurity threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Why Does Your Enterprise Need A Network Security Firewall?

Managed Threat Response

On July 14, learn about how MTR backs your organization with an elite team of threat hunters and response experts who take targeted actions on your behalf to neutralize even the most sophisticated threats.

July 14th  2:00 EST
Register Here

A network security firewall works as a barrier that will prevent destructive forces away from the computers on a network that’s behind the firewall. The network firewall is a lot like a physical firewall that prevents a fire from spreading from one place to another. Firewalls will protect against various security threats such as denial of service attacks, worms, viruses, and unauthorized remote logins.

 

What is network security firewall?

 

Firewalls are considered as network security systems that check and control the network traffic according to the predetermined security regulations. A firewall Myrtle Beach SC will create a barrier between untrusted external networks and trusted internal networks. Firewalls can either be host based firewalls or network firewalls. A network firewall will filter traffic between several networks and generally runs on a network hardware. Meanwhile, host-based firewalls can be operated on host computers. They work by controlling the traffic of the network both in and out of these machines.

 

Network security firewall is referred to as a security system that is created for stopping unauthorized access to sensitive network information. Firewall could e used as hardware or software and could separate a certain network as well as its data from an external network to keep the privacy of a certain network’s data. There many benefits linked with the use of a firewall in a network including its easy installation and high speed. Using a firewall for your network is relatively cost effective compared to securing every computer separately.

 

Types of Firewall Architectures

 

Circuit Level Gateways

 

A circuit level gateway is a simple type of firewall Myrtle Beach SC that is made to easily and quickly deny or approve traffic without taking up a lot of computing resources. It works by verifying the TCP or transmission control protocol handshake. This check is made to ensure that the session the packet came from is legitimate. Therefore, in case a packet will hold malware, but provided the appropriate TCP handshake, it will be approved. That’s why circuit level gateways alone may not be sufficient for protecting your business.

 

Next Generation Firewalls

 

Next generation architectures are the latest firewall products that were released. The common features include TCP handshake inspections, deep-packet inspection, as well as what they refer to as packet inspection on a surface level. Next generation network security firewalls may also include other kinds of technologies like IPS or intrusion-prevention systems that run to immediately prevent attacks on your network. However, there’s no single definition of what a next general firewall is and that is why it is crucial to check what certain capabilities like firewalls have before you purchase one.

 

Packet Filtering Firewalls

 

Packet filtering firewalls will make a checkpoint at a switch or a traffic router. Firewalls does a basic check of the data packets that comes through the router, checking data such as the destination as well as the origin of the IP address, packet type, port number as well as other surface level data without going to open up the packet to check its content. In case the information packet doesn’t pass the infection, it will be dropped. These firewalls are not resource intensive, and that is a good thing. They do not have a major effect on the performance of the system and these firewalls are simple.

The network security firewall market is increasing at a rapid pace because of different factors. Factors that promote the adoption of this industry are increasing demand for network security and privacy across the globe. Firewalls are the first line of defense and the protector against legal traffic and attacks that pass in and out of the network. Firewalls are crucial components that assist in protecting private systems of a home system, company, etc.

Call SpartanTec, Inc. and let our team of IT experts find the most effective firewall and cybersecurity measures that will protect your company against various online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Intelligent Endpoint Detection and Response

Intelligent Endpoint Detection and Response

Synchronized security allows you to layer your defenses and stop malware in its tracks, no matter where it is in your environment.

July 7th 2:00 EST
Register Here

Tens of millions of workers have been forced to work from home as the COVID-19 virus rampages around the globe.

That has naturally increased reliance on internet connectivity and disrupted a number of longstanding, well-established working routines. Some of the changes have been for the better, including not having to fight traffic during the daily commute, for example.

However, other changes have made it difficult to work effectively and efficiently. Until recently, no one has been able to study or precisely measure how those changes are impacting the legions of people currently working from home.

That is beginning to change. Recently a California-based tech firm called Fluxon published the results of a survey they conducted to get a better handle on how work behaviors have changed with so many people now working remotely. The results of the survey contain a number of surprises.

Here's a quick overview of the company's findings:

• Nearly one quarter (23.3 percent) of survey respondents reported feeling more disciplined and almost a third (29.6 percent) report that they are more creative working from home than they were in the office.
• Nearly three quarters (72.4 percent) of respondents reported that there have been challenges and difficulties with the transition, with the top ten problems survey respondents encountered being:
  • Technology/connectivity issues (50.6 percent)
  • Communication issues (39.6 percent)
  • Virtual Meeting issues (34.4 percent)
  • Lack of social interaction (32.5 percent)
  • Boredom (31 percent)
  • Difficulty collaborating with colleagues (29.9 percent)
  • Not enough face to face time with team members (26.3 percent)
  • Loneliness (25.1 percent)
  • Difficulty accessing company resources (19.1 percent)
  • Difficulty balancing work and home life responsibilities (18.6 percent)

Other issues included things like unproductive meetings, difficulty stopping or stepping away from work, insufficient workspace, and colleagues contacting workers outside of normal business hours. In addition to that, fully a third of survey respondents said they felt less disciplined and efficient since working from home.

The survey results are fascinating and clearly illuminate the challenges, opportunities and areas where working from home can be improved. Wise is the manager who takes these statistics to heart and uses them to make incremental improvements.

Call SpartanTec, Inc. and let our team of IT professionals set up the appropriate cybersecurity measures to protect your employees as they work from home.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Credit Card Data Breach Affects Jewelry, Accessory Store

Claire's Jewelry and Accessories is the latest company to fall victim to hackers.

According to a recent disclosure made by the company, both the retail giant's main website, and the website of their subsidiary, Icing, were compromised.

They were hit by what appears to be a Magecart attack.

The company's disclosure reads in part as follows:

"On Friday, we identified an issue related to our e-commerce platform and took immediate action to investigate and address it. Our investigation identified the unauthorized insertion of code to our e-commerce platform designed to obtain payment card data entered by customers during the checkout process. We removed that code and have taken additional measures to reinforce the security of our platform.

We are working diligently to determine the transactions that were involved so that we can notify those individuals. Cards used in our retail stores were not affected by this issue. We have also notified the payment card networks and law enforcement. It is always advisable for cardholders to monitor their account statements for unauthorized charges.

The payment card network rules generally provide that cardholders are not responsible for unauthorized charges that are timely reported. We regret that this occurred and apologize to our customers for any inconvenience caused"

The attack apparently came just one day after the retailer closed down all of their brick and mortar shops worldwide as a result of the COVID-19 pandemic. Based on the investigation to this point, the hackers were actively trying to steal customer credit card data between April 30th and June 13th, 2020.

If you or any member of your family has made a purchase on either the Claire's website or their subsidiary site Icing, be aware that your payment card information may have been compromised. Be sure to alert your credit card issuing company right away, and be on the alert for any suspicious charges that may appear on the card or cards used to make those purchases.

 

Call SpartanTec, Inc. today and let us help you set up the most effective cybersecurity measures to protect your business against potential data breaches.

 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Proactive Cybersecurity – Watch Out For Compromised Credentials

Many IT security teams these days are under pressure. With the decrease in human resources, the have to deal with a rising number and range of complicated threats and support the ground breaking digital transformation projects that could either make or break their organization’s fortunes. Given this uphill task, most cannot do anything but react to cyber threats as they come up, fighting so desperately in a cycle that seems to never end.

However, there is a much better way. By investing in a managed IT services and making it a part of a multi-layered cybersecurity approach, IT leaders could regain their control back. Keeping track of the deep, surface, and dark web for these compromised credentials can help them protect the company from the outside in; getting rid of the breach risk before it actually has time to take root and harvesting insight to create a more resilient and stronger cyber defense.

A New Cybersecurity Focus

Many organizations have a reactive security stance because of the pressures the IT security team faces during these modern times. Apart from that burden are the heterogenous and complex systems; IT skills shortages are expected to reach 350,000 roles in 2022.

The industry of cybersecurity has over time created a notion that you could block the threats at the perimeter, that with the appropriate tools set in place, cyberattacks can be prevented. This as provide several firms a false sense of identity.

Therefore, the key is not to totally depend on reactive cybersecurity. Once you admit that your business can be a target of cyberattacks, the focus must be shifted to preventing these attacks even before the hackers have had the chance to make money out of the customer and corporate credentials that were stolen.

Anatomy of a Security Breach

Knowing the lifecycle of the credential theft is the first step to mitigating the risk effectively. There are four stages that you need to know.

1. Gathering of the credentials through phishing, malware, DNS hijacking, and more.
2. Filtering and extracting the credentials are done through emails, FTP, IRC and other channels.
3. Stolen credentials are validated through bots and automated online account checkers.
4. The credentials are monetized by selling them via the cybercrime underground or utilizing them directly to hack corporate social network accounts, mass identity fraud, defacing websites, and more.

With the appropriate threat intelligence, IT security teams could mitigate the risks while the cybercriminals are still validating the credentials that have been stolen or even before they have extracted them fully.

Getting Rid Of The Blind Spots

Companies should already be using multifactor authentication. However, only a few businesses do and many are still using password based systems. If you are one of the latter, you should find ways to minimize the risk of credential theft.

That’s why it’s crucial for you to find ways to detect compromised credentials effectively. The appropriate kind of threat intelligence fees would search the deep, open, and dark web for stolen passwords proactively through the use of crawlers, sensors, honeypots, sinkholes, or a combination of any of them.

Call SpartanTec, Inc. now and let our team of IT expert help set up the most effective cybersecurity strategy to protect minimize the risk of your business facing a cyberattack.

 

 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Issues With Internet Based Devices After Expired SSL Certificate

Recently, a number of Roku streaming channels mysteriously stopped working, leaving customers scratching their heads trying to figure out what went wrong.

After some research, Roku's support staff discovered that the issue stemmed from a global certificate expiration.

They advised impacted customers to update their certificates manually by visiting the company's website and following the instructions posted there.

Since Roku's announcement, both Stripe and Spreedly experienced similar disruptions that traced back to the same root cause. This issue has revealed a hidden flaw in the design of many, if not most Internet of Things devices, and many of them will ultimately suffer the same fate.

IoT devices are becoming increasingly popular, but unfortunately, making use of them is fraught with peril. Most have no security at all, and few have anything more than the most rudimentary security protocols in place and can be hacked with relative ease.

Worse, as this issue highlights, many IoT devices simply have no means of receiving updates automatically, which puts users on the hook to manually update every smart device they have in their homes.

Security researcher Scott Helme had this to say about the issue:

"This problem was perfectly demonstrated recently, on 30 May at 10:48:38 GMT to be exact. That exact time was when the AddTrust External CA Root expired and brought with it the first signs of trouble that I've been expecting for some time."

"We're coming to a point in time now where there are lots of CA Root Certificates expiring in the next few years simply because it's been 20+ years since the encrypted web really started up and that's the lifetime of a Root CA certificate. This will catch some organizations off guard in a bit way."

Heme notes that the next potentially significant date will be 20th September, 2021, when the CA certificates issued by DST Root CA X3 are slated to expire. If you have one or more IoT devices in your home, be aware, and be prepared to manually intervene when they stop working.

Call SpartanTec, Inc. if you the help of IT experts in securing your devices, network, and data. 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

This New Malware Is Hitting Exchange Servers To Steal Info

Protect Your Company Data Webinar
June 25 1:00 EST
Register Here

In late 2019, a new strain of malware called "Valak" was detected. In the six months that followed its initial discovery in the wild, more than 30 variants of the code were detected.

Initially, Valak was classified as a simple loading program.

As various groups have tinkered with the code, it has morphed into a much more significant threat, and is now capable of stealing a wide range of user information. That is, in addition to retaining its original capabilities as a loader.

Researchers from Cybereason have cataloged the recent changes to the code. They found it to be capable of taking screenshots, installing other malicious payloads, and infiltrating Microsoft Exchange servers, which seems to be what it excels at.

Most Valak campaigns begin with an email blast that delivers a Microsoft Word document to unwitting recipients. These documents contain malicious macro codes, which is an old, time-tested strategy.

If anyone clicks on the document and enables macros, that action will trigger the installation of the malware. Chief among the executables run is a file called "PluginHost.exe," which in turn, runs a number of files, depending on how the Valak software is configured. There are several possibilities here including: Systeminfo, IPGeo, Procinfo, Netrecon, Screencap, and Exchgrabber.

It is this last one that is used on Microsoft Exchange servers and is capable of infiltrating a company's email system and stealing credentials.

It is the extreme modularity of the malware's design that makes it a significant threat worth paying close attention to. Cybereason found more than 50 different command and control servers in the wild, each running a different strain of the software, and each with wildly different capabilities. However, they all share a common infrastructure and architecture.

Stay on the alert for this one. We'll almost certainly be hearing more about it in the weeks and months ahead.

Call SpartanTec, Inc. now and let our IT team help you improve your cybersecurity measures.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Making This One Mistake With Your Network Can DESTROY Your Business

Protect Your Company Data Webinar
June 25 1:00 EST
Register Here

A lot of businesses wait until something breaks before they fix it. And even then, they may take a “patchwork” approach to fixing the problem. They are reactive rather than proactive. Sometimes taking a reactive approach is fine, but other times, and depending on the circumstances, it can lead to even bigger problems.

When it comes to network security, for example, being reactive to problems can be downright dangerous. It’s not just hackers you have to worry about. There are power outages, data loss, equipment failure and more. In IT, a lot can go wrong. But if you’re proactive about cyber security, you can avoid many of those pitfalls.

Reactive IT support used to be the norm. Most network security specialists went to work after something went wrong. Unfortunately, some businesses still have this reactive mindset when it comes to their IT and network security. They have an “it won’t happen to me” attitude. The truth is that these are the people most at risk. It’s not a matter of if, but when. Hackers and cybercriminals are more active than ever.

Thankfully, proactive support is now the norm. More and more IT services and security firms have the tools and resources to protect you BEFORE the worst happens. So, why partner with an IT services company?

There are many reasons why it’s a good idea. One great reason that doesn’t often get talked about is that working with an IT services company is an added value for your customers. When they know you’re taking IT security seriously – and when they know their data is safe – their trust in you is boosted.

When you build trust, you build loyalty, and customer loyalty is getting harder to come by these days. Plus, happy, loyal customers are much more likely to refer you to others who may be in need of your services. That alone makes investing in proactive IT security worth it.

Here’s another reason why working with a proactive IT services firm makes sense: it’s MUCH easier than trying to do it yourself. Many small businesses simply don’t have the resources to hire an internal IT specialist or a team. Not only can that be very costly, but it’s also rarely practical. Think of it this way: if you hire an IT specialist to handle your network security, manage cloud backups and provide general IT support, then what happens when they take a day off or take a vacation?

Having a dedicated IT specialist on your team isn’t a bad thing, but they can be stretched thin very easily. You could be left with gaps in your support should anything go wrong. Suddenly, you don’t have anyone you can call. Working with a dedicated IT services firm solves these problems.

To take that a step further, good IT services companies are also great at catching problems before they become problems. They can catch things that might not have even been on your radar. For example, if your cloud backup service isn’t backing up your data correctly, or is backing up the wrong data, they’ll catch that. Maybe you’re saving data that’s not properly encrypted. They’ll catch that. Maybe you have an employee using software that’s months out-of- date. Again, they’ll catch that.

When you call up an IT services company and say you want to take a proactive approach to your network security, they should be willing and able to provide just that. An experienced firm will have a team with the training, certification and experience required to tackle today’s cyberthreats, while managing your network’s day-to-day needs.

They know IT because they live IT. They help with data recovery should anything go wrong; they are your help desk when you have questions or concerns and they keep your onsite malware protection up-to-date. They are tailored to your business’s specific needs. And as you grow, they adapt to your changing needs.

Put an end to the outdated way of thinking about IT security. It’s time to be proactive and to recognize your company’s vulnerabilities before they become vulnerabilities. You just have to make the call. Get in touch with SpartanTec, Inc. now and let us help you.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Only 33 Percent Of People Change Password After Data Breach

Protect Your Company Data Webinar
June 25  1:00 EST
Register Here

 

A new study was published by researchers from the Carnegie Mellon University's Security and Privacy Institute and was presented at the 2020 IEEE Workshop on Technology and Consumer Protection.

The study has grim news for IT Security Professionals.

The key finding in the report is that only about one third of users will change their passwords after a company announces a data breach. This information was based not on survey responses, but on browser histories collected from the 249 participants who volunteered to open up their browser history for the purpose of the research.

The browser history data was collected between January 2017 and December 2018 and included both a complete map of all of the websites each participant visited during that time, and the passwords used by each user to access sites that required a login.

Over the course of the study, only 63 participants had accounts on breached domains during the data collection period, and of those, only 21 (33 percent) changed their passwords. Worse, 6 of the 21 took longer than 3 months to do so.

If that wasn't disheartening enough, most of the changed passwords were highly similar to the old password used. They were similar enough that simple brute-force techniques would be successful in giving a hacker access to the accounts in question, even after the password change.

It should be noted that this study was quite small in scale and limited in scope, so additional studies should be conducted to see if the trend holds up over time. However, it does provide a valuable, and worrisome data point that should give IT Professionals pause.

Education is the best way to combat this, but few companies spend the time and resources necessary to truly impart the seriousness of the consequences of a data breach. In addition, the message simply isn't getting through. That's unfortunate, and it could have tragic consequences, both at the personal and Enterprise level.

Call SpartanTec, Inc. if you need help in securing your business or client information.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/