A brute-force attack consists of an attack trying many passwords with the hope of eventually guessing correctly. The attack systematically checks all passwords until the correct one is found, carried out by some form of machine or program. The resources required to carry out a brute-force attack increase exponentially with the length of the password. Short passwords can often be brute-forced in a manner of minutes or hours. Longer, more secure passwords can be made prohibitively difficult to crack, as even a password with only lowercase letters but 15 containing 15 characters would take an estimated 1000 years to crack.
Two Factor Authentication, 2-Factor Authentication or 2FA is a method of accessing a computer or online account in which the user is granted access only after successfully providing two separate pieces of evidence to an authentication mechanism. This is usually done in the form of a factor that requires memorisation combined with a factor that typically requires physical possession by the user.
One of the most common examples of 2-Factor Authentication is withdrawing money from an ATM, as only the correct combination of a bank card (something you physically possess) and PIN (something only you know) will allow access to the account. Another common example is adding mobile authentication to an online account. For example, you set up 2FA on sites like Facebook that require you to sign in with your password in addition to a PIN that is sent to your mobile phone.
Combining multiple factors, especially those that require physical possession of something by the user, makes it much more difficult for hackers to gain access to an account.
GDPR, the EU’s new set of data protection laws, is coming in May of 2018. It is a complete overhaul of how user data is processed by companies and will supersede Irish law, consolidating Europe’s various national laws into one comprehensive regulation. GDPR is all about accountability, and as such, places equal responsibility on both businesses who hold EU data and any third-party providers that may process/hold data on their behalf. In practical terms, that means that if you outsource any aspect of your business, such as payroll to an external HR company, then both parties must be GDPR-compliant, even if the out-sourced company is not based in or even near the EU. So what does this mean for companies who outsource data processing or host data in the cloud outside the EU? Well, it means Microsoft’s suite of cloud services such as Office 365, SharePoint and Azure are now looking a lot more appealing – as Microsoft are offering contractual commitments to their clients to comply with the GDPR in time for the May 2018 deadline.
Microsoft Cloud has promised to be GDPR-compliant as deadline looms
According to Rich Sauer, Microsoft’s Corporate Vice President, “Trust is central to Microsoft’s mission to empower every person and every organisation on the planet to achieve more. So that you can trust the Microsoft products and services you use, we take a principled approach with strong commitments to privacy, security, compliance and transparency.”
Recently, car insurance and breakdown cover provider AA faced accusations of covering up the severity of a data breach that occurred in April of this year. The AA, through their customer support Twitter, chose to downplay reports of the breach and assured users that no credit card or other sensitive data had been exposed. Data was leaked from their online shop due to a server misconfiguration. However, this server contained data on over 100,000 AA customers, and included partial credit card data. Despite knowing about this breach for over two months, it wasn’t until the cyber security community cried out in outrage that AA eventually admitted to the severity of the breach. No customers were notified by the AA directly.
No customers that were impacted were directly notified by the AA, despite the breach being discovered in April.
Everyone’s talking about cyber security these days, and there’s a seemingly endless list of protective measures to be taken to prevent cyber attacks. It can be a bit daunting, and at times hard to secure the right budget, so is all this hype about security really necessary? The short answer is – YES. The long answer is that in order to understand why cyber security has taken over the forefront of IT for businesses, you must first understand that cyber criminals are no longer just bedroom hackers; they’re a fully fledged industry.
Cybercrime costs the economy an estimated $450 billion globally
Cybercrime-as-a-Service is on the rise in a big way, with criminals constantly developing more advanced ways to steal businesses’ hard-earned cash over the internet. The industry continues to evolve and adapt and is now highly organised. All one has to do is log onto certain sites on the Dark Web and they’ll be greeted with professional hackers offering ransomware, malware, phishing, DDoS and much more as-a-service.