In this series, ProCircular’s team of information security specialists will break down the top cybersecurity risks for small and medium-sized businesses in 2023. How do SMBs prepare for cybersecurity threats and prevent security incidents? Trevor Burke lays out the special precautionsorganizations can take to lower the likelihood of incidents caused by internal threats.
Topics: Data Protection & Privacy, Security Awareness, Advisory & CAP
When in doubt, try "Password123" - How I guessed your password
During a penetration test, login credentials are a highly sought-after item. While it is common to harvest that information via email scams (phishing attacks), it is not always the most practical or effective tactic to gain unauthorized access. That access, however, still requires a valid set of credentials. This poses a challenge. How does an attacker find valid accounts without social engineering? There are two main options: breached credentials and password spraying.
Topics: Data Protection & Privacy, Security Awareness, Monitoring & Detection
In security, it’s often said that you will have little success within an organization if you do not have buy-in from management. However, there’s a larger group that is often-overlooked though critical to a successful security program. And they impact all aspects of your security posture. That group, of course, is the end users.
At this point, everyone has probably heard a speech about how important it is to have a strong password. It is true that a strong password is extremely important in preventing an attacker from guessing or cracking it. However, it does not help against those annoying and ever-present phishing attacks when a user unknowingly hands over their password. And unfortunately, it’s almost inevitable that this will happen. This means that there will always be a question about the security of a password.
