Research, news and updates on threats and cybersecurity
Enable automated password policy enforcement with daily password auditing and customizable remediation. With compromised password detection, custom password dictionary, fuzzy matching with common character substitutions, and continuous ongoing monitoring; enterprises can easily adopt NIST password requirements and eliminate vulnerable passwords in Active Directory. Organizations can adopt NIST password standards to screen for weak, commonly-used, expected, and compromised passwords. Then they …
The US National Institute of Standards and Technology (NIST) just finalized new draft guidelines, completely reversing previous password security recommendations and upending many of the standards and best practices security professionals use when forming policies for their companies.
We seem enamored with the idea of a ‘passwordless’ society. Not just because it would be an indicator of secure networks, but because trying to keep track of tens of unique, complex passwords is not ideal. There has been plenty of industry and media buzz around the concept of passwordless authentication strategies. Particular attention is paid to strategies like biometrics—which …
Each month that passes, the cybersecurity industry continues to struggle with new hacking techniques, rapidly evolving threats, and how to communicate the severity of the issues to organizations. One problem that can’t necessarily be solved by cybersecurity professionals is the broad category of ‘human error’. In his IT Toolbox article, Josh Horwitz (COO of Enzoic) discusses whether or not Artificial …
How School Districts can defend themselves from increased cyberattacks. While there are changes for each generation of students to experience, it’s safe to say that the impact of the pandemic on the scholastic world in 2020 was dramatic and immediate. The transition from in-person classes to web-based learning was startling for everyone, but especially K-12 students because of the rigid …
Multi-factor authentication (MFA) is one of many tools in your cybersecurity toolbox. Strong MFA will form layers of security between bad actors and your data systems and accounts. But if you’re relying on MFA to guard your system from cyber threats alone, you could be more at risk than you realize. MFA can be powerful protection, but it isn’t infallible. …
Cyberattacks continue to have a massive economic impact on local and state branches of governments across the U.S. When sectors of government are breached, the credibility of their institutions is jeopardized, leading to a negative cycle of resource allocation. When focusing on municipalities, it’s particularly easy to see how detrimental the impact can be. A Perfect Target Municipalities are ideal …
Since coming into effect May 25, 2018, the European Union’s General Data Protection Regulation, or GDPR, has substantially changed the way businesses around the world are required to operate. At its heart, the law is designed to protect the sensitive data of EU citizens and impacts any company handling this data, whether they are in the EU or not. Given …
Microsoft Active Directory (AD) is ubiquitous across the corporate landscape; you probably use it to authorize access at almost every level. Due to its popularity and importance, AD is a perfect target for cyber attacks. Hackers frequently use password spraying and credential stuffing as attack methods, especially against AD. With many traditional password ‘best practices’ being outdated, are you prepared …
In the current business landscape, the largest threat to an organization is a data breach. Data breaches end up costing businesses a significant amount of lost time and revenue and can lead to a loss in consumer confidence for the business as well. So then, what is the largest reason leading to a data breach? According to Verizon’s annual report, …
When hackers target your organization with a password spraying attack, hackers are betting that one (or more) of your employees is logging in with a commonly used password. Threat actors adopt this attack method because it can be done slowly enough to avoid account lockouts. This is just one type of password attack that could hit your organization, and cyber …
As recent reviews have shown, upwards of 80% of hacking-related attacks involve compromised credentials. Threat actors can target individuals and companies through many different types of cyber attacks, but where does their information come from in the first place? It’s easy to find lists of usernames and passwords, sometimes for free, but more often for sale online. In fact, according …
