(Not So) Top Secret: The Cybersecurity Bad Practice to Avoid According to the US Government

Kevin Klitzke

October 19, 2021

The recent T-Mobile attack breached the data of over 50 million accounts. It’s an astonishing number, but it’s just the latest in a slew of massive cybersecurity breaches that have garnered national and worldwide attention.

With ransomware-as-a-service, cybercriminals can paralyze pipelines and compromise millions of accounts with just a few keystrokes. It’s a messy cybersecurity world today’s organizations have to live in right now.

In response, the US government has launched a new ransomware website for the Cybersecurity and Infrastructure Security Agency (CISA). On the site, CISA is developing a catalog of bad practices it deems exceptionally risky. What’s clear? Attacks often follow common pathways, specifically targeting organizations’ use of default passwords and credentials — a bad practice that accounts for most breaches.


You Give Cybersecurity a Bad Name

The use of known, fixed, and default passwords leaves your organization wide open to attack, according to CISA. It is dangerous and significantly elevates risk: over 25% of breaches result from stolen credentials, according to the 2021 Verizon Data Breach and Incident Report. This hazardous practice is especially egregious in internet-accessible technologies, such as a router or off-the-shelf component that you weave into your organization's technology stack. Most of the time, these routers ship with a default (and well-known) set of credentials to simplify the configuration process.

When organizations don’t change these default passwords, they leave themselves wide open to attack on their critical edge infrastructure. Routers aren’t the only culprits. Many other crucial components of your technology stack and applications have similar default passwords. What’s more worrisome is that these tend to be for administrative “root” accounts at the center of privileged access. This type of access can give hackers nearly universal access to your IT infrastructure. 


The Promise of a PAM Solution

Known credentials and privileges are power to cybercriminals, but you can take it back. Password management and privilege protection are part of future-forward privileged access management (PAM) technology such as the Hitachi ID Bravura Security Fabric.

The single open-architecture platform offers the industry’s most extensive organically grown connector portfolio. The fabric includes two powerful plugins that streamline the passwords end users log in with and make authentication into a privileged system much more secure:

  • With Azure AD Password Protection, the Hitachi ID Bravura Security Fabric automatically applies the default global banned password list to all users in an Azure AD implementation. To support business and security needs, you can define entries in a custom banned password list. When users change or reset their passwords, the system checks them against the prohibited password list to enforce strong sign-on.

  • The Hitachi ID HaveIBeenPwned Plugin enables organizations to automatically check and ban passwords reported as compromised in a data breach on the HaveIBeenPwned website.
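As an added illustration, not Hitachi ID's code, the following Python sketches the two checks these plugins perform on a new password: a substring match against a normalised banned list (the substitution rules are an assumption, loosely modelled on Azure AD Password Protection's documented normalisation) and a HaveIBeenPwned k-anonymity lookup, where only the first five hex characters of the SHA-1 leave the client. The HaveIBeenPwned range API is replaced by a constructed offline table so the code runs without network access.

```python
import hashlib

# Constructed sample data (not from the post): a small custom banned list.
BANNED_LIST = {"password", "hitachi", "welcome", "admin"}

# Undo common substitutions before matching so "P@ssw0rd" still hits "password".
# Assumed rules, loosely modelled on Azure AD Password Protection's normalisation.
SUBSTITUTIONS = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e", "!": "i"})


def matches_banned_list(password: str, banned=BANNED_LIST) -> bool:
    """True if any banned entry occurs as a substring of the normalised password."""
    norm = password.lower().translate(SUBSTITUTIONS)
    return any(entry in norm for entry in banned)


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def _build_range_table(breached: dict) -> dict:
    """Group breached hashes by their 5-hex-char prefix, as the real API serves them."""
    table = {}
    for pw, count in breached.items():
        digest = sha1_hex(pw)
        table.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return table


# Constructed offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>
FAKE_RANGE_API = _build_range_table({"password": 3861493, "123456": 23597311})


def lookup_range(prefix: str) -> str:
    return "\n".join(FAKE_RANGE_API.get(prefix, []))


def pwned_count(password: str, fetch=lookup_range) -> int:
    """k-anonymity check: only the first 5 hex chars of the SHA-1 are sent; matching is local."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def evaluate_password(password: str) -> list:
    """Reasons to reject a new password; an empty list means it passed both checks."""
    reasons = []
    if matches_banned_list(password):
        reasons.append("matches banned password list")
    if (n := pwned_count(password)):
        reasons.append(f"seen {n} times in breach data")
    return reasons
```

To run against the live service, replace `lookup_range` with a function that performs the HTTPS request for the prefix and returns the response body unchanged.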


The Start of Something New

These two plugins are only the beginning. The Hitachi ID Bravura Security Fabric offers a robust API platform to complete your security strategy — integrating natively with other security systems and implementations at whatever stage of your enterprise cybersecurity journey. 

Taking action on credentials and privilege is a vital first step toward Zero Trust, and toward a future-forward Zero Trust modernization strategy that meets the latest federal recommendations.

Your organization can learn more about Zero Trust and preventing ransomware at the second annual Power of One virtual conference. Additionally, we are hosting a webinar, Confidently Facing Active Threats: What’s New from Hitachi ID, that will cover many of the new features coming in the 12.2 release of the Hitachi ID Bravura Security Fabric, including the Azure AD Password Protection plugin. 

