Shane Chambers No Comments

Credential Stuffing

Credential Stuffing is a common practice in cyber crime where a hacker or cyber criminal gains access to a user’s email address and password, and proceeds to try that password against other accounts/services belonging to that individual. This is performed based on the knowledge that users often reuse the same passwords between different accounts/services, albeit sometimes with slight variations.

This is a highly effective means of attack, as users may change passwords for services that they are aware have been breached, but may not think to change that password where it is in use on other accounts. Credential stuffing is also commonly used when attempting to commit identity theft against a user.

It is highly recommended that users never reuse passwords between services, and that they use a password manager if needed to keep track of distinct, strong passwords.


Cyber Security Is Not Just for IT – It’s for Everyone

Traditionally, cyber security has been seen as an IT department’s problem. They make sure everyone has antivirus on their PCs and take care of the firewall – and as long as they’re doing it right, then everyone else is safe… right? This has lulled users and business owners into a false sense of security of late, believing that cyber security simply isn’t their area or that it’s not in their job description. However, this attitude is now being taken advantage of in a big way by cyber criminals, who have discovered that individual users are much easier to target and deceive. As a result, users often take actions that inadvertently allow the hackers to bypass the IT security systems. Traditional antivirus is dead, and even more advanced next-generation antivirus simply can’t stop the most deadly attacks. Now, everyone in an organisation has a part to play in keeping it secure, from the bottom all the way up to the CEO.

Hackers are now finding it easier to target regular users, who often lack cyber security training, than to try and bypass complex technical measures put in place by IT



Studies Show Many Businesses Confused or Unprepared for GDPR

With the EU General Data Protection Regulation (GDPR) only 8 months away from coming into force, surveys are showing that many businesses across the UK and Ireland are still confused about exactly what the regulation means for them, and may be unprepared for GDPR. A survey of over 1000 IT decision makers revealed that 64% were unaware that customers’ birth dates are considered personally identifiable information (PII), which is especially worrying as any mishandling of such data could constitute a breach of the GDPR and result in fines of up to €20 million. 42% did not realise that email marketing databases contained PII, 32% did not consider physical addresses to be PII, and 21% did not even consider customer email addresses to be PII. In contrast, 85% of these survey respondents reported that they have reviewed the GDPR requirements thoroughly and 79% believe they have done everything they need to do to secure their data. This disparity marks a worrying trend for businesses, big or small.

The GDPR comes into full effect on the 25th of May 2018 – and no one wants to be made an example of



Consent is Always Required – Busting that GDPR Myth

With the GDPR now less than 8 months away from becoming enforceable, businesses all over the EU, and indeed any company that conducts business with EU citizens, are scrambling to prepare in time for the legislation. The upcoming General Data Protection Regulation was designed to give back clarity and control to users about how their sensitive data is being processed and held, but has led to quite a bit of confusion for businesses about how this will actually work. Most people will have heard about the increased fines, as regulators can now fine offending bodies up to €20 million or 4% of global turnover, but there is a lot of confusion, and indeed misinformation and misinterpretation, out there to make the process even more difficult. To this end, there are a few things we’d like to set the record straight on, particularly around consent. Over the coming weeks and months we hope to provide more guidance on areas prone to misinterpretation, so stay tuned!

Myth: You must always have consent to process someone’s personal data.

With the stakes so high, it can be hard to tell the difference between important guidance and scaremongering when it comes to the GDPR



NIST Experts Do U-Turn & Issue New Password Security Guidelines

NIST is the US National Institute of Standards and Technology, and back in 2003, a password primer was written by one of its managers that put forward recommendations, many of which became the rules we have now. Special characters, a mixture of upper and lower case letters, regular password changes – these have all been adopted into ‘best practice’ for password security since NIST made these recommendations. Now, however, these complexity guidelines and regular password changes have been repeatedly proven by experts to actually be less secure for companies, due to the work-arounds humans put in place to make remembering passwords easier. NIST has thankfully acknowledged its mistake and has provided updated best practice standards for password security. Why the sudden change of heart, you may ask? Well, over a billion passwords a year are breached by cyber criminals, and the data obtained shows that when presented with a long list of password criteria, people tend to try something basic first and then just tweak it until it fits. For example, ‘password’ becomes ‘Password1’, which may be more mathematically secure, but can be easily guessed instead.

Previously established guidelines are mostly being discarded, in favour of rules that simplify passwords for the user

No one looks forward to those mandatory password changes every few months, as it can be incredibly frustrating to constantly think of new passwords with the right mixture of capital letters, special characters and numbers. In fact, many people try to simplify the process by using a variation of their previous password – ‘Password1’ becomes ‘Password2’, and so on. Ultimately, the entire basis for issuing new guidelines stems from one simple fact: people can’t remember all the passwords that they have been forced to create, which causes them to create less secure passwords than if they didn’t have to adhere to the guidelines in the first place. So with all that in mind, here’s a breakdown of the new best practices and why they’re easier and more secure:
