Locks and Security News: your weekly locks and security industry newsletter
7th December 2022 Issue no. 634
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
Every organisation should act now to stop COVID-19 cyber-attacks exploiting weak passwords
Authlogics, the UK-based identity and access management specialists, has responded to advice from the National Cyber Security Centre (NCSC) for organisations to use better password management, in order to protect themselves against organised COVID-19 cyber-attacks.
The company is providing its Password Breach Status and Active Directory Audit Report free-of-charge, enabling organisations to check in minutes against the Authlogics Password Breach Database (a live report of more than 2 billion records), to determine if and to what extent they have been compromised and exposed.
The Authlogics Reports include:
- The total number of breached credentials found in Authlogics Password Breach Database.
- The email addresses of the most breached accounts in the organisation.
- A per user risk rating, including if they have used their network password for public logon.
- Next steps on how to secure the organisations infrastructure, comply with new regulations and follow best practice.
Last week, it was revealed by the government that the UK is being targeted by state-backed cyber-attacks. The news follows a worrying report in March from the Department for Digital, Culture, Media and Sport that almost half of all UK businesses experienced a cyber-attack in the past year, meaning that vulnerabilities exist and are being exploited. The NCSC is urging employees working in healthcare and medical research to change their passwords, as well as encouraging two-factor authentication to help defend against password spraying attacks.
However, as an Operations Manager at an NHS Foundation Trust explains, the process isn't that straightforward for many organisations: "You can ask staff to reset their passwords, but the tools available to confirm that the password chosen is of adequate strength and complexity are typically manual, time consuming and do not allow a fast-enough response time." Adding: "What's more, if the most complex and sensible password is mismanaged, or has been previously compromised, its strength is diminished."
The solution for this NHS Trust was to work with Authlogics, to understand its password breach status and then install its award-winning Password Security Management (PSM) and Multi-Factor Authentication (MFA) suite. The comprehensive suite of tools allows IT managers to improve their overall security posture and give businesses a simple, secure, and compliant authentication method for their users.
Now when a member of the Trust's staff attempts to create a new, Authlogics PSM automatically cross-references the proposed credential against NIST SP 800- 63 Digital Identity guidelines for good password practice, and simultaneously, it checks against the Password Breach Database. If the password has been previously breached, the user is prompted to choose an alternative. The entire password checking and resetting process can be completed in under a second.
Authlogics provides public and private sector organisations around the world with a unique and cost-effective alternative to traditional authentication methods. Its CEO, Steven Hope, states: "The message that using the same password for different accounts, overly simple logins and sharing credentials has been elevated to the level of national importance." Hope continues: "As a matter of national and corporate security it is vital that every organisation acts today, to ensure they are not the weak link in the chain. With so much disruption and distraction already facing companies, a successful cyber-attack resulting from poor password management is both unnecessary and avoidable."
In addition to receiving a free no obligation Password Breach Status Report which is available here: https://authlogics.com/password-breach-check, Authlogics is also offering its Password Security Management software (as used within the NHS) free for 30-days, with installation taking just one-day. For more information contact Authlogics on Tel: 01344 568 900 or Email: [email protected]
13th May 2020