Here’s a Cyberattack That Shows the Weakest Link for Many Organizations
- Author Trent Walton
- Published November 27, 2023
- Word count 737
With October being Cybersecurity Awareness Month, we’ve covered a few topics this month to be aware of from a cybersecurity standpoint, because (as the National Cybersecurity Alliance has promoted), it’s all about awareness to #becybersmart! Here’s one more topic that shows the weakest link for many organizations when it comes to cyberattacks – their own current or former employees and shared passwords.
Kansas Water System Cyberattack
According to The Wichita Eagle, a man named Wyatt Travnichek pleaded guilty Wednesday to remotely shutting down the Post Rock Rural Water District plant in Ellsworth (a rural central Kansas water system which serves about 1,500 customers) in March 2019. The plea came after a federal prosecutor described how the man told investigators he was “so intoxicated” he didn’t remember anything.
An operator monitoring the plant remotely on March 27, 2019 saw the water plant had gone down. The operator, whose remote access was cut, then drove to the plant and found controls changed and a filter turned off. Investigators traced the actions to Travnichek through his IP address.
Was Travnichek a super-hacker? Nope. Just a former employee who used a shared GoToMyPC account that allowed remote access to the system after hours. The system used a shared password to access the software that controls the plant, and it evidently wasn’t reset when Travnichek resigned in January 2019, over two months earlier.
Travnichek, 22, pleaded guilty in federal court in Topeka to tampering with a public water system and reckless damage to a public computer during unauthorized access. He is set to spend a year in prison under a plea agreement. Formal sentencing is tentatively set for February. He never gave a reason for why he shut the plant off.
Shared Passwords and Former Employees
A recent survey of over 1,000 workers performed by security company Beyond Identity had some startling findings, including:
- Nearly 1 in 4 employees said they still had access to accounts from past jobs.
- 41.7% of employees admitted to having shared workplace passwords.
In addition, more than 1 in 5 employees said they used the same password for their personal bank accounts as they did for work-related accounts. And 14.4% of employees who experienced a data breach of their work account(s) didn’t tell their employer! That’s one reason that the average time to detect and contain a data breach is 280 days!
And these are the people who were willing to admit these things in a survey – the actual number could be quite a bit higher!
It’s Not Just Your Employees
These days, it’s not just employees who have access to your data. Cloud providers do as well. In eDiscovery, that means hosting and managed review providers. Do those outsourcing companies have a password policy for their employees? If so, how do they communicate that policy and train their employees on best practices for managing passwords?
Password policies should include clearly communicated guidelines and mechanisms to protect passwords, including:
- Changing passwords regularly: 90 days is a common cadence for requiring passwords to be changed, and forcing password changes periodically can be automated.
- Don’t re-use passwords or use the same password for multiple systems: Policies should communicate the dangers of re-using passwords for multiple systems, and automated mechanisms can enforce not re-using previous passwords for a system when the old one expires.
- Use a strong password: A mix of upper- and lower-case letters, numbers, and symbols is best to minimize the potential for hacking, preferably not containing any words you use regularly or that are associated with you. Your dog won’t care if you included her name in your password, so leave out the personal details.
- Keep the password private: This means protecting the password you have and not storing it in an obvious place, like a sticky note on your desk. A password manager app is a great place to store your passwords. And shared credentials and passwords should be strictly forbidden!
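As an added illustration (not part of the original article), the Python sketch below audits a credential inventory for the three conditions behind the Kansas incident and the policy above: shared credentials, secrets still known to someone who has left, and rotation older than 90 days. The account names, the inventory layout and the exact days are constructed assumptions; only the January resignation and March 27 access follow the article.

```python
from datetime import date

MAX_AGE_DAYS = 90  # rotation cadence the article cites as common

# Constructed sample data: names are hypothetical and exact days are invented;
# only the months (January resignation, March 27 access) follow the article.
DEPARTURES = {"former_operator": date(2019, 1, 31)}
CREDENTIALS = [
    {"name": "remote-access-shared",
     "holders": ["former_operator", "operator_b"],
     "last_rotated": date(2018, 11, 1)},
    {"name": "operator_b-login",
     "holders": ["operator_b"],
     "last_rotated": date(2019, 2, 20)},
    {"name": "former_operator-login",
     "holders": ["former_operator"],
     "last_rotated": date(2019, 1, 2)},
]


def audit(credentials, departures, today, max_age_days=MAX_AGE_DAYS):
    """Return (credential name, finding code, detail) tuples."""
    findings = []
    for cred in credentials:
        name, holders, rotated = cred["name"], cred["holders"], cred["last_rotated"]
        if len(holders) > 1:
            findings.append((name, "SHARED", ", ".join(holders)))
        # A holder who left on or after the last rotation still knows the secret.
        for person in holders:
            left = departures.get(person)
            if left is not None and rotated <= left <= today:
                findings.append((name, "KNOWN_TO_DEPARTED", f"{person} left {left}"))
        age = (today - rotated).days
        if age > max_age_days:
            findings.append((name, "ROTATION_OVERDUE", f"{age} days old"))
    return findings


if __name__ == "__main__":
    for name, code, detail in audit(CREDENTIALS, DEPARTURES, date(2019, 3, 27)):
        print(f"{name:24} {code:18} {detail}")
```

Run against an export from HR and from the password manager or remote-access tool, the same check belongs in the offboarding checklist so that a departure triggers rotation instead of waiting for the next scheduled audit.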
Conclusion
Failure to enforce password policies with your employees and also with your outsourced providers isn’t providing a cybercriminal a “back door” to your system – it’s like providing a key to the front door with an engraved invitation! Make sure you have sound password policies in place to protect that weakest link that leaves your organization vulnerable to cyberattacks. Regardless of how much you spend on technology to protect against cyberattacks, if an intoxicated 22-year-old former employee can get into your system and bring it down, it isn’t very secure, is it?
For more information about Forensic Discovery’s eDiscovery Assessment and Hosted Review services, read here: https://forensicdiscovery.expert/cyberattack-that-shows-the-weakest-link-for-many-organizations/
Article source: https://articlebiz.com