By now, you’ve all seen the headlines: Dropbox was breached well over four years ago and just now the true impact of that breach is coming to light: nearly 70 million accounts were impacted. That’s not a small number. But what’s even more interesting – and we’ve been warning companies about this for a while – is that this breach was apparently tied to a different, also very high-profile, breach. The Dropbox employee whose password was exploited in the breach originally had his password exposed in the famous LinkedIn breach.
This illustrates an interesting ‘chaining’ or ‘domino effect’ that data breaches can have across multiple organisations.
And, it’s our new reality.
Employee access credentials to systems and sensitive company data are of high value to a hacker. Identity has become the new attack vector. And hackers are all over that fact – finding those orphaned accounts to grab and log-in to behind the scenes without an IT admin even knowing about it. Or, taking stolen credentials from one breach and using them to access another web site as was with the case of Dropbox. All because an employee chose to reuse a password across multiple sites – a very common occurrence.
Often, it comes down to password hygiene as the starting point to stronger and smarter access management. I’m still blown away by the fact that our Market Pulse Survey revealed that a whopping 65% of survey respondents admitted that they routinely reuse passwords across multiple applications and websites. But you don’t need survey stats to understand the severity of the problem – taking a look at the headlines is more than enough to illustrate the issue.
In reality, the Dropbox incident could have been far worse had the impacted passwords not been encrypted. Rather than needlessly put yourself – or your employer – at risk, take a minute to adhere to some password management best practices, as not every application you use will have that added layer of protection that Dropbox did. Use a unique password for every application. Make sure the password is long and more complex – ideally twelve characters should be thought of as a minimum. And, it should go without saying that with an identity governance solution in place, enterprises can ensure that every person with access to any data or systems adheres to strong password management practices like these.
It’s become very clear, between Dropbox, the ‘chaining’ effect back to the LinkedIn breach and the numerous other data breaches making headlines literally every day, that the identity of our people is in the crosshairs. Protecting Identity is key: to the safety of our own personal data, to the security of sensitive company data and files, and, to the safety of sensitive data in an organisation that may not even be linked to your own. Understand who has access to what, what they’re doing with that access, and manage that access throughout each users’ lifecycle and you’ll be well on your way to a smarter, stronger, and more proactive approach to not only identity and access management but to the overall IT security posture of your organisation.
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…