On Monday, it was announced publicly that Wi-Fi security, specifically the WPA2 standard, was essentially broken. The culprit is a bug named KRACK (Key Reinstallation Attack) which takes advantage of fundamental flaws in how WPA2 operates, and has exposed many shortcomings in how the industry responds to such attacks as well. WPA2 (Wi-Fi Protected Access II) is hugely prevalent, as it is the current generation of authentication used on wireless networks. That means that almost every wireless device could be affected by KRACK, as most devices use WPA2. This includes everything from laptops and phones to routers and IoT (Internet of Things)/Smart devices.
Ransomware has taken the world by storm this year, costing millions for businesses around the world. In the last 12 months alone, the number of ransomware variants spotted in the wild has more than doubled. As its prevalence has increased, so has the complexity of the attacks, and new ways to defend against them have been developed. Microsoft have been known to take the ransomware threat very seriously, even releasing a security patch for the long obsolete Windows XP operating system in the wake of the infamous WannaCry attack back in May. With the realease of the Windows 10 Creators Update (build 1703), now there are even more features built right in to the OS that can prevent and protect against ransomware. In fact, it’s so secure that Microsoft claim no Windows 10 devices were affected by WannaCry.
The Creators Update of Windows 10 is Microsoft’s most secure operating system yet, containing many anti-ransomware features
NIST is the US National Institute of Standards and Technology, and back in 2003, a password primer was written by one of its managers that put forward recommendations, many of which became the rules we have now. Special characters, mixture of upper and lower case letters, regular password changes – these have all been adopted into ‘best practice’ for password security since NIST made these recommendations. Now, however, these complexity guidelines and regular password changes have been repeatedly proven by experts to actually be less secure for companies, due to the work-arounds humans put in place to make remembering password easier. NIST thankfully have released their mistake and have provided updated best practice standards for password security. Why the sudden change of heart, you may ask? Well, over a billion passwords a year are breached by cyber criminals, and the data obtained shows that when presented with a long list of password criteria, people tend to try something basic first and then just tweak it until it fits. For example, ‘password’ becomes ‘Password1’, which may be more mathematically secure, but can be easily guessed instead.
Previously established guidelines are mostly being discarded, in favour of rules that simplify passwords for the user
No one looks forward to those mandatory password changes every few months, as it can be incredibly frustrating to constantly think of new passwords with the right mixture of capital letters, special characters and numbers. In fact, many people try to simplify the process by using a variation of their previous password – ‘Password1’ becomes ‘Password2’, and so on. In fact, the entire basis for issuing new guidelines stems from one simple fact; people can’t remember all the passwords that they have been forced to create, ultimately causing them to create less secure passwords than if they didn’t have to adhere to the guidelines in the first place. So with all that in mind, here’s a breakdown of the new best practices and why they’re easier and more secure:
Recently, car insurance and breakdown cover provider AA faced accusations of covering up the severity of a data breach that occurred in April of this year. The AA, through their customer support Twitter, chose to downplay reports of the breach and assured users that no credit card or other sensitive data had been exposed. Data was leaked from their online shop due to a server misconfiguration. However, this server contained data on over 100,000 AA customers, and included partial credit card data. Despite knowing about this breach for over two months, it wasn’t until the cyber security community cried out in outrage that AA eventually admitted to the severity of the breach. No customers were notified by the AA directly.
No customers that were impacted were directly notified by the AA, despite the breach being discovered in April.
Everyone’s talking about cyber security these days, and there’s a seemingly endless list of protective measures to be taken to prevent cyber attacks. It can be a bit daunting, and at times hard to secure the right budget, so is all this hype about security really necessary? The short answer is – YES. The long answer is that in order to understand why cyber security has taken over the forefront of IT for businesses, you must first understand that cyber criminals are no longer just bedroom hackers; they’re a fully fledged industry.
Cybercrime costs the economy an estimated $450 billion globally
Cybercrime-as-a-Service is on the rise in a big way, with criminals constantly developing more advanced ways to steal businesses’ hard-earned cash over the internet. The industry continues to evolve and adapt and is now highly organised. All one has to do is log onto certain sites on the Dark Web and they’ll be greeted with professional hackers offering ransomware, malware, phishing, DDoS and much more as-a-service.