New research from the WatchGuard Threat Lab reveals that 50 percent of government and military employee LinkedIn passwords, largely from the US, were weak enough to be cracked in less than two days.
When it comes to cybersecurity, no doubt humans are the weakest link. No matter how many layers are added to your security stack, nor how much phishing education and awareness training you do, threat actors continue to develop more sophisticated ways to exploit the human vulnerabilities with socially engineered attacks. In fact, as security defenses keep improving, hackers are compelled to develop more clever and convincing ways to exploit the human attack surface to gain access to sensitive assets.
In the last few years, executives overseeing energy, utility and other industrial organizations have begun to worry about the threat of cyberattacks on our nation’s most critical infrastructures. Ten years ago, their main concerns were focused on safety or environmental risks. Back then, operators believed the virtual barricades, or air gaps, between networks and technologies were sufficient enough to defend against malware and cyberattacks.
Advocating for the return on investment (ROI) in IT security has traditionally been a challenge for IT professionals to communicate to management. IT teams are responsible for the complicated task of balancing budget limitations with strong protection that will reduce the risk of a cyberattack in today’s dynamic threat landscape. However, according to a recent Kaspersky Lab report, businesses are starting to invest more in IT security rather than treat it as a cost center.
Technology has advanced at an astonishing rate in the last decade, and the pace is only set to accelerate. Capabilities that seemed impossible only a short time ago will develop extremely quickly, aiding those who see them coming and hindering those who don’t. Developments in smart technology will create new possibilities for organizations of all kinds – but they will also create opportunities for attackers and adversaries by reducing the effectiveness of existing controls. Previously well-protected information will become vulnerable.
Researchers from the U.K.-based penetration testing service Pen Test Partners recently attacked a video surveillance system, and they pulled off a fairly scary feat. “We successfully switched video feeds from one camera to another through the cloud service, proving arbitrary access to anyone’s camera,” they wrote.
Don’t know what a penetration tester is? You’re not alone; more than 50 percent of U.S. adults surveyed by the University of Phoenix have never heard of pen testers or “White Hat” ethical hackers, among other cybersecurity job titles, and only about one in 10 survey respondents is “very familiar” with the 11 jobs in the industry queried in the survey.