MySpace, Tumblr, and LinkedIn are all currently grabbing headlines for data breaches that happened years ago and have only now come to light.
These three are not the only ones: another breach, from 2011 at Fling, affected 40 million records. Taken together, these breaches, all from several years ago and all surfacing within a very short span of time, affected more than half a billion passwords. They still have the potential to wreak havoc at both the individual and the corporate levels.
Although passwords in many of these cases had some level of protection, it’s clear that such protection has been inadequate. Passwords are being cracked quite easily, revealing a huge database of very common passwords still being chosen (things like 12345 or p@ssword). From a corporate perspective, these breaches are a reminder of the importance of adequate data storage protections and password authentication methods, and they also show the pervasiveness of the insider threat. Employee password practices are putting corporate data at risk, often inadvertently or without the employees’ knowledge.
Let’s be clear: how many of you looked at these major data breaches and forced a password reset within your organization? Password reuse is far more prevalent and worrisome than you think, so when a password is compromised, it’s pretty likely it can be used to “unlock” access to other accounts, whether they are additional websites or even your corporate network. Even a “strong” password becomes a moot point if it’s used across multiple sites and one of those sites is compromised. Forced password resets on their own can lead to additional password reuse (from fatigue), so perhaps consider it a good time to recommend a password manager to all employees (or better yet, supply it).
The insider threat is frightening because an outsider using insider credentials has the potential to do significant damage to your business. The average cost of a data breach has been on the rise for many years, but now organizations are facing heavier compliance fines, years of oversight from regulatory bodies, class action lawsuits, and personal liability.
The insider threat comes in all shapes and sizes, which is why successful detection relies on your ability to identify the threat. Absolute Data & Device Security (DDS) helps you identify potential security threats and respond rapidly before they become damaging security incidents. Learn more at Absolute.com.