It won’t be long; soon, everything in our lives, from furniture to coffee makers, will have the ability to be “intelligent” but also potentially vulnerable to data breaches. Several reports estimate that between 30 and 200 billion devices will be connected to the Internet. Also, by 2024, the weight of Cyber Crime on the global economy will go from 650 billion dollars to 1,000 billion dollars (IDC data).
And as the value of personal data has increased, the focus of cybercriminals has changed in recent years: Hackers now focus on information that is often and easily found on connected devices.
As hackers’ goals continue to change in the face of the proliferation of IoT, the challenge will be to mitigate attacks in advance, according to Sam Phillips, VP and general manager of Samsung Business Services. It is important for companies to be cautious and to design the security of their products well before they are distributed.
There’s no doubt the surge in Internet-connected devices is creating a wealth of new attack opportunities for hackers: Markets and Markets predict that the global security market in the Internet of Things (IoT) will grow to $28.90 billion.
When it comes to limiting current cyber risks, it takes more than ensuring that your systems comply with regulations or adopting standard solutions. We need to invest in knowledge. “This is a big challenge companies face today, which is a lack of talent in the security industry,” Tom Eilers, director of Intel’s Government and Education Solutions Center, said at a recent conference in Cambridge.
According to Eilers, we are facing a deficit of at least 40% in terms of available talent, and this number seems destined to increase in a couple of years. The solution? The education system must continue to generate next-generation coders and cyber warriors. There is no other way out.
This is what emerges, at the macro level, from all the debates on Cyber Security and Data Breaches. We should ask ourselves about it because, according to a survey conducted in Italy by Vanson Bourne on behalf of VMware, the dangers also lurk within companies: 31% of IT decision-makers interviewed think that employees who are distracted or not educated in IT security represent the main threat. But what can we do to minimize the risks? Let’s try to learn something useful from recent news stories.
LinkedIn recently confessed that “some” of its user data was breached in 2022. Initially, a rough figure was thought to be around 6.5 million victims, but now it appears many more have been affected. What are the lessons to be learned? Here are some simple tips to avoid unpleasant incidents on the web.
Change your password
This is the biggest lesson to emerge from this attack, even if it comes at the price of a treasure trove of 167 million LinkedIn identities now for sale on the dark web. Data stolen during the breach, including LinkedIn passwords and email addresses, is on sale for about $2,200 in bitcoin. The stolen passwords had been hashed with the SHA1 algorithm, which turns each password into a fixed-length string of random-looking characters. SHA1 is fast to compute, which is why the passwords users entered are relatively easy to recover from it.
Not all encryption is created equal.
LinkedIn passwords were encrypted (strictly speaking, hashed with SHA1), but the company was using a relatively weak algorithm. Businesses or consumers who rely on a service to protect their stored passwords must make sure that the chosen service uses a strong procedure.
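To make the difference between a weak and a strong procedure concrete, the following added example (not code from LinkedIn or from the original article) stores the same password both ways and shows how a legacy record can be upgraded at the next login. It assumes the weak scheme is a single unsalted SHA1 pass; the user names, the password, the record format and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample data: two hypothetical users who chose the same password.
SAMPLE_USERS = {"alice": "Correct-Horse-42", "bob": "Correct-Horse-42"}
ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def legacy_sha1(password):
    """Weak 'before' case: a single fast, unsalted SHA1 pass (assumed scheme)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), dk.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and work factor; compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(parts[2]), int(parts[1]))
    return hmac.compare_digest(dk, bytes.fromhex(parts[3]))


def duplicate_hash_groups(records):
    """Audit: groups of users whose stored values are identical."""
    groups = {}
    for user, stored in records.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def upgrade_on_login(password, stored):
    """If a legacy SHA1 record matches at login, return a re-hashed record."""
    if "$" not in stored and hmac.compare_digest(legacy_sha1(password), stored):
        return hash_password(password)
    return None


if __name__ == "__main__":
    weak = {u: legacy_sha1(p) for u, p in SAMPLE_USERS.items()}
    strong = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    print("identical SHA1 records:", duplicate_hash_groups(weak))
    print("identical PBKDF2 records:", duplicate_hash_groups(strong))
```

With unsalted SHA1, every user who picked the same password ends up with the same stored value, so one recovered password exposes all of them; the salted records differ even for identical passwords.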
Data Breach: It is important to use good breach investigation tools
Security experts find it shocking that LinkedIn hasn’t been able to quickly and securely establish the extent of the breach, but this is likely the condition of many companies.
“The fact that such a huge number of credentials have been available to hackers for so long is deeply concerning,” said Trent Telford, CEO of Covata.
Having tools suitable for detecting intrusions and attacks is essential, and it is better to run for cover before the damage is done.
Use two-factor authentication whenever possible.
After the 2022 data breach, LinkedIn enabled two-factor authentication (2FA) through text messages (SMS), implementing an element of security even for those who had not yet reset their password. In light of the ever-escalating number and size of breaches, security experts are advising users to use 2FA.
“Passwords are a relic from a bygone era, and they simply don’t provide adequate protection for the volume of information we all place online,” said Brian Spector, Chief Executive of MIRACL.
Change your passwords regularly.
It’s impossible to know with absolute certainty whether or not a password has been compromised, so changing it regularly ensures that your risk exposure is minimized even if it has been breached.
Never use passwords across multiple accounts.
This advice has been repeated for many years now, but research indicates that password reuse is still very common. Creating unique passwords for each online service ensures that the others remain secure even if one is compromised. The converse is also true: if passwords are reused and one of our accounts is compromised, all the others for which we use the same password are also at risk.
“Even though LinkedIn has taken the precaution of invalidating the passwords of hacked accounts, many users likely continue to use the same password across multiple online accounts,” said Liviu Itoafa, a researcher at Kaspersky Lab.
Email addresses are useful for hackers.
Finally, the latest LinkedIn data breach news highlighted the fact that passwords aren’t necessarily the most valuable asset to hackers. Tod Beardsley, Security Manager at Rapid7, said the most valuable asset is the huge registry of email addresses linked to professionals on LinkedIn, a real godsend for spammers:
“While people’s passwords can and should be changed periodically, email addresses and usernames sit through the ages without easy mechanisms to change them.”