With Russian Hackers Stealing over a Billion Credentials, Business Password Policies in the Spotlight

New York, NY (PRWEB) August 09, 2014

On Tuesday, August 5th, The New York Times ran a story about Russian hackers who managed to pilfer and collect over 1.2 billion user credentials (user names and passwords). To put the gravity of numbers like these in perspective, consider this: the United Nations released results of a study in May of this year which arrived at the conclusion that by the end of 2014, three billion people around the world will be connected to the Internet, leaving a full 60%, or roughly 4.2 billion, still on the outside looking in. So if every stolen credential could be assigned to a unique individual, over 1 in 3 people connected to the Internet would have their credentials in the hands of this group, which can sell them, use them for identity theft, or leverage them in any other way it sees fit. And according to Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier provider of cyber security solutions and incident response, “Businesses really need to take the hint when they see a story like this and wonder just how safe their networks are. Bad password habits are a killer when it comes to security, but you’d be shocked to know how many organizations we’ve seen after incidents which could be traced to completely unacceptable, or totally non-existent password policies, procedures and enforcement.”

Science will eventually solve human laziness when it comes to the password dilemma, but in the meantime…

“One of the biggest problems is just the sheer volume of passwords most people have to keep tabs on for an ever-increasing number of accounts. So human nature steps in and deals with the problem by having that little voice inside convince us that it’s OK to use the same password on different sites,” Caruso says. “Less to remember, right? Then the little voice rationalizes it; no one knows my password, I’ve never had my credentials stolen, so what’s the harm? Well, the harm is by doing that you are not only putting your own identity and accounts at risk, but in many cases you’re also putting your employer and the entire business network at risk – in other words, your livelihood. If hackers manage to steal your credentials from one site, even if it’s through no fault of your own, like an inferior security posture and vulnerabilities on their end, it doesn’t take a lot to automate the process of using your matched credentials to test all kinds of sites, from your Facebook page or email account, to PayPal, eBay or even your bank, and yes, your business network too. Science will eventually solve this problem, but what the solution will look like is still anyone’s guess. Some kind of biometrics is a good bet, and they already have a lot of things on the table on that front, common ideas like fingerprinting, like on the new iPhones, or retinal scans, to the more unique and outlandish, like your heart rhythm or hand dimensions, or even way-out-there ideas like your very own flavor of body odor serving as the key to your data. But for now, passwords are still something you have to somehow remember and enter with your keyboard, and armed with the secret characters, anyone can do it for you, or as you.”

With professional vulnerability assessments, password vulnerabilities can be exposed and solved.

“The way to expose vulnerabilities in any environment is to test for them,” Caruso says, “and password problems are no different. When we do our vulnerability assessment and penetration testing (pen-testing) for clients, we usually launch a full-blown spear phishing campaign to see who we can dupe into giving us their credentials, and we’ve never failed to get users on the hook in any organization we’ve ever tested. And when the responses start rolling in, we get to see the passwords people are using, and let me tell you, it can be frightening to see. The really dumb stuff like ‘qwerty,’ ‘abc123,’ and ‘god’ protecting access to sensitive business data or digital assets still pops up so often it makes you really wonder what some folks could possibly be thinking. It’s so ridiculous it can sometimes border on amusing. Then there is usually another crew that likes to use names and dates of loved ones and events, many of which could be easily figured out just by visiting their Facebook page, which hackers love to roam for that kind of information. But when we bring it up during the reporting stage and call out the offenders, no one is laughing. And once we’re armed with the evidence, we go to work, hand in hand with the client, to create, fix or strengthen their policies, procedures, and enforcement concerning passwords, while also identifying any other weak links anywhere along the cyber security chain. There are many ways to approach solving the problem, but armed with our testing results and an in-depth knowledge of the client’s digital landscape, data flow, business requirements and regulatory compliance issues after the assessment and testing process, we can help them tailor a plan which will fit just right.”

Custom solutions for today's cyber threats

*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit

Source: PRWeb
Copyright©2014 Vocus, Inc.
All rights reserved
