For much of the past decade, the biggest security mistakes have boiled down to fumbling some basic tech security practices.
Find out what these mistakes are and how to mitigate your risk.
1. Falling Victim To Phishing
The biggest security breach in history, targeted at Yahoo, affected more than 3 billion accounts in total.
Russian agents hired hackers to infiltrate Yahoo’s user database, which contained:
Password challenge questions and answers
Password recovery emails
A cryptographic value unique to each account
The Russians used this information to access certain accounts.
CSO’s analysis of FBI documents reveals that the Russians did this by sending a spear-phishing link via email.
“It's unclear how many employees were targeted and how many emails were sent,” CSO writes, “but it only takes one person to click on a link, and it happened.”
A business’s employees must be aware of phishing attacks and how to avoid them.
2. Not Having Robust Security Practices
Former Equifax CEO Richard Smith testified before the Digital Commerce and Consumer Protection committee that one person was responsible for the data breach that exposed the Social Security numbers and driver’s licenses of 143 million people in 2017.
He said that on March 8, a team noticed “the need to patch a particular vulnerability.” The company then sent an email to the personnel responsible for deploying the software upgrades within 48 hours.
“The notion that just one person didn’t do their job and led to the biggest breach in history is quite an amazing claim and shows a fundamental lack of good security practices,” writes Sarah Buhr at TechCrunch.
Regardless of how the breach happened, there are two important takeaways about the Equifax breach.
First and foremost, have a security plan at your organization. Secondly, if the lack of patch deployment was the culprit, that points to the need for applying timely software updates.
3. Failing To Enable Multifactor Authentication
The Guardian broke the news in 2016 that hackers had access to Deloitte’s 350 clients’:
Architectural diagrams for businesses
The hackers exploited an administrator’s lack of multifactor authentication, also known as two-factor authentication or 2FA. “The account required only a single password,” says The Guardian.