In the last post, we discussed how even some of the world’s mightiest enterprises were falling prey to hackers. Now comes the bad news about the security breach at LinkedIn!
Reports claim that over 6.46 million hashed passwords stolen from LinkedIn have been published on a Russian forum. In a blog post, LinkedIn has confirmed the security breach, but remains silent on the magnitude: “We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation”, says the post.
LinkedIn has promptly initiated security precautions by requiring users whose accounts were compromised to reset their passwords. In the aftermath of the LinkedIn breach, security analysts have once again reiterated the importance of following the best practices in password usage. The LinkedIn breach indeed has important lessons to offer for end users and enterprises – it is time to seriously consider using a password manager!
How does a data breach at one site affect end users?
It is quite common for users to use the same login credentials in multiple sites – social media and other applications. Still worse, some users tend to use the same password for all accounts – right from email accounts, social media to banking, brokerage and finance accounts.
If the password gets exposed at one of the sites, just as it happened in this case, in all probability hackers would be able to easily gain access to your other accounts too. So, it is always prudent to have a unique password for every web site and application, and to supply it ONLY on that site/app. When there is news of a password exposure or hack, you can just change the password for that site/app alone. In addition, you should follow the practice of frequently changing the passwords.
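The reuse risk described above can be checked against your own list of logins. The following Python is an added example, not part of the original post: it groups accounts by a keyed fingerprint of the password and lists which other accounts must be changed if one site is breached. The site names, logins and passwords are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample inventory (site, login, password); not real credentials.
SAMPLE_VAULT = [
    ("linkedin.example", "alice@example.com", "Summer2012!"),
    ("mail.example", "alice@example.com", "Summer2012!"),
    ("bank.example", "alice", "Summer2012!"),
    ("forum.example", "alice_f", "q7#Lm2vX9$pR"),
    ("broker.example", "alice", "T4&nWz81kE@c"),
]


def fingerprint(password: str, key: bytes) -> str:
    """Keyed digest so entries can be compared without keeping plaintext."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def reuse_groups(vault, key=None):
    """Map each password fingerprint to the (site, login) pairs that use it."""
    key = key or secrets.token_bytes(32)  # random per-run key
    groups = defaultdict(list)
    for site, login, password in vault:
        groups[fingerprint(password, key)].append((site, login))
    return groups


def exposed_by_breach(vault, breached_site):
    """Accounts on other sites that share a password with the breached site."""
    exposed = set()
    for members in reuse_groups(vault).values():
        sites = {site for site, _ in members}
        if breached_site in sites:
            exposed.update(m for m in members if m[0] != breached_site)
    return sorted(exposed)


if __name__ == "__main__":
    for site, login in exposed_by_breach(SAMPLE_VAULT, "linkedin.example"):
        print(f"rotate now: {login} @ {site}")
```

With unique passwords per site, the result for any breached site is an empty list, which is the state the advice above aims for.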
Consider using a Password Manager
Just as you have an email account, you should consider using a password management application too. To combat cyber-threats, proper password management should become a ‘way of life’. Password Managers help securely store all your logins and passwords. In addition, you will get an option to launch a direct connection to the websites / applications from the password vault’s GUI itself. You do not even have to copy and paste the passwords. Just click the link and you will be logged in. Only after deploying a Password Manager will you realize how easy it is to eliminate password fatigue and security lapses.
Wonder where to find a good Password Manager? ManageEngine Password Manager Pro will come in handy for your needs. Try it now!
Information security lesson for enterprises
As things stand today, though it is neither possible nor fair to comment on the security practices or lapses on the part of LinkedIn, it is worthwhile to dwell on the cyber-incidents that happened in the recent past and draw lessons that could help prevent security incidents in other enterprises in future.
Past trends show that the exact cause of most security incidents goes unreported. Of course, there have been instances where the culprits have been brought to book and their modus operandi revealed to the outside world.
Traditionally, keylogger trojans (which monitor keystrokes, log them to a file and send them to remote attackers), cross-site scripting (which enables malicious attackers to inject client-side script into web pages viewed by other users and exploit the information to bypass access controls) and viruses have mostly acted as the security attack channels.
However, of late, as stolen identities seem to have served as the ‘hacking channel’ for most of the cyber-criminals, analysts generally believe that improper management of the Administrative Passwords, which are often aptly referred to as ‘Keys to the Kingdom’, is at the root of many security threats.
Another harsh fact is that many acts of sabotage have been caused by insiders of the enterprises. Either disgruntled staff or greedy techies or sacked employees were involved in many of the security incidents. That means, in this hi-tech era, breach of trust could occur anywhere, anytime, leading to serious consequences. Quite often, a lack of well-defined internal controls and access restrictions paves the way for security incidents.
How to combat?
Researchers repeatedly point out that cyber-crimes and identity theft incidents are growing at unprecedented rates and will only keep growing in 2012 for many reasons, including the economic situation, social factors and technological advancements that make the tech-savvy criminals more creative every passing day.
The haphazard style of password management makes the enterprise a paradise for hackers – internal or external. Unfortunately, enterprises generally do not attach importance to this crucial aspect of administrative password management until a security incident or identity breach rocks the enterprise. This negligence often proves costly. Many security breaches actually stem from a lack of adequate password management policies and internal controls. Analysts strongly believe that most of the security incidents are actually avoidable by placing access restrictions and well-defined password policies.
One of the effective ways to achieve internal controls is to deploy a Privileged Password Management Solution that could replace manual processes and help achieve the highest level of security for the data. Privileged Password Managers help in securely storing the privileged identities in a centralized vault, restricting access to the identities and automating the identity/password management activities. This will help organizations take total control of the privileged identities. ManageEngine Password Manager Pro is an enterprise-class privileged identity and information management solution, trusted by scores of administrators worldwide.
Not all security incidents could be prevented or avoided; nor could privileged password management software act as the panacea for all cyber security incidents. But, the security incidents that happen due to lack of effective internal controls are indeed preventable. Enterprises should take preventive action to combat cyber-criminals. Otherwise, enterprises might end up locking the stable after the horse has bolted! Try Password Manager Pro.
The original article/video can be found at Data Breach at LinkedIn: Time to Seriously Consider Using a Password Manager!