Friday, October 29, 2010
38% OF PAYMENT CARD BREACHES WERE DUE TO ABUSE OF ACCESS PRIVILEGES AND GUESSABLE CREDENTIALS: STUDY
The report lists out top threat actions based on 2008-2009 payment card breaches investigated by Verizon IR team. Of the ten threat actions, exploitation of default or guessable credentials and abuse of system access/privileges are found to be the cause for 38 % of the breaches.
Time and again, we have been highlighting in this column two very important facts:
the security threats caused by the insiders of the enterprises - either disgruntled staff or greedy techies or sacked employees
stolen identities, default credentials, guessable passwords could be serving as the ‘hacking channel’ for many cyber-crimes
The Verizon study once again lends credence to the belief that Improper management of the administrative passwords and lack of effective internal controls often remain at the root of a good number of security threats.
What is the way out?
One of the effective ways to achieve internal controls is to deploy a Privileged Password Management Solution that could replace manual processes and help achieve highest level of security for the data.
Though the reality is that it is not possible to prevent/avoid all security incidents, the ones hat happen due to lack of effective internal controls are indeed preventable.
Password Manager Pro, a trusted solution precisely helps achieve this. A secure vault for storing and managing shared administrative passwords and digital identities, Password Manager Pro helps eliminate password fatigue and security lapses, achieve preventive and detective security controls, meet security audits and improve IT productivity.
With insider threats looming large, taking preventive action is the need of the hour. Use Password Manager Pro and Stay Secure!
Complete details of the Verizon 2010 Payment Card Industry Compliance Report: http://www.verizonbusiness.com/resources/reports/rp_2010-payment-card-industry-compliance-report_en_xg.pdf
Bala
Saturday, November 21, 2009
How to combat increasing cyber security threats?
Lack of well-defined internal controls and access restrictions generally pave the way for security incidents. Particularly, as stolen identities seem to have served as the ‘hacking channel’ for many cyber-crimes, improper management of the administrative passwords is believed to be at the root of a good number of security threats.
Security experts strongly believe that many security incidents (though not all) are actually avoidable by placing access restrictions and well-defined password policies.
How can we combat the threats?
Read my article on 'Combating Cyber Security Threats' in Express Computer (Nov 23rd issue):
http://www.expresscomputeronline.com/20091123/technology04.shtml
Bala
Thursday, November 19, 2009
How do you manage website passwords?
Just reflect on the following questions:
- Do you face problems in remembering the credentials of website login accounts?
- Do you have a large number of web accounts and wish to automatically login to the sites without manually entering the user name and password?
If the answer to the above questions are 'yes', you must take the services of a password manager. ManageEngine Password Manager Pro is there to help you!
By simply storing the URL of the web page and the login credentials, you can launch direct connection to the required website from Password Manager Pro. That is, the URL of the website would be visible in Password Manager Pro and upon clicking that you will be logged in to the website directly.
There is a step-by-step tutorial on how to implement this feature. Along with the textual explanation, the tutorial contains a two-minute video presentation at the end. Don’t forget to check that out too!
Bala
Wednesday, November 11, 2009
Have you ever revealed your administrative passwords to your colleagues?
Have you ever revealed the administrative password of an enterprise resource to your colleague? And do you strongly believe that your passwords remain secure even after telling others? If so, you must read this interesting survey done by SecurEnvoy.
The survey results reveal that 75% of UK employees have admitted that they have told at least two other colleagues their corporate passwords.
SecurEnvoy states that while workers are trusting of their colleagues, it may not be a great idea to share passwords so easily since it can compromise one’s entire work life.
The concern raised in the survey is well-founded. Enterprises - big and small, face security issues and outages quite often. After all, mis-management of administrative passwords lies at the root of all security issues.
It is always good to avoid sharing of administrative passwords. But, what if your business needs demand that you seletively share passwords with others and yet ensure high levels of security? Caught in a catch-22 situation, right?
But take heart, you have ManageEngine Password Manager Pro for your rescue. Using this Enterprise Password Management Solution, you can store thousands of administrative passwords in a centralized repository and selectively share the passwords with others. You can have the trail of 'who', 'what' and 'when' of password access. The passwords are shared, yet remain highly secure. Exactly what you want!
To know more, visit ManageEngine Password Manager Pro
Bala