The fallout of data breaches has long lasting effects – as we’ve seen from the continued impact of the 2012 data breach at LinkedIn. Although the attack happened five years ago, the ripple effects continue to this day. Recent reports of credentials stolen from U.K. officials are a good demonstration of this.
Email addresses and passwords of MPs, parliamentary staff, diplomats and senior police officers were sold, bartered and then made available for free on Russian-speaking hacking forums. In total, over 9,000 stolen credentials were publicly released – with the most common passwords associated with the stolen police emails being “police,” “password,” and “police1.” Sources report that a majority of these passwords came from previous data breaches, such as the LinkedIn hack.
This is yet another example of the “domino effect” that breaches can have across multiple Internet services – and it shows that people still aren’t learning their basic security lessons. We’re still seeing hackers use credentials stolen from one breach to carry out additional cyberattacks on other Internet services where those credentials were reused.
Poor password hygiene practices like these are a struggle for individuals and organisations alike. When analysing the results of last year’s annual Market Pulse survey, SailPoint found that 65 percent of the respondents surveyed admitted to using one single password for multiple applications, while 33 per cent stated they share passwords with coworkers! These risky practices leave businesses vulnerable to cyberattacks.
Ensuring that employees maintain strong password hygiene across all on premise and cloud applications is a significant challenge in a corporate environment. It is complicated even further by the constant change in employee roles and responsibilities, requiring their application access profiles to change continually. This is just one of the reasons why so many enterprises are increasingly turning to identity governance – to enable and enforce good password management policies and behaviors across the company while simultaneously ensuring the appropriate level of user access is maintained at all times.
Throughout my career as an IT leader, I’ve seen firsthand the benefits of putting an identity governance solution in place and how it can transform key aspects of an organisation’s security posture. Identity governance does require investment and commitment by an organisation, along with ongoing education on the critical importance of identity and security best practices. However, in exchange for that commitment, you will benefit from one of the most effective, time-tested methods of ensuring user access security across the board – protecting your applications and your data and stopping the ‘domino effect’ in its tracks.
By Kevin Hansel, CIO at SailPoint