Thanks for reading this month! We hope you’re learning more about cybersecurity. As you’ve hopefully observed, it’s never been more important for businesses to have an effective security plan.
Let’s get back at it with the next type of threat on the list: Denial of Service (DoS) attacks.
Yes, this one’s pretty scary too. It happens when legitimate users cannot access information systems, devices, and other network resources because hackers have shut them down and seized control. There’s also the Distributed Denial of Service (DDoS) attack, which happens when multiple computer systems in a “botnet” (a group of malware-infected private computers across the internet) flood their target with enough traffic to crash the server. If you’ve ever been asked to prove you’re not a robot when entering a website, this is the reason why.
These attacks are rudimentary, but they can cost organizations time and money while their people are unable to access resources for anywhere from days to weeks. The record for the number of DDoS attacks launched per year was broken in 2020 with 10 million, a 20% increase from 2019.
Ransomware is probably the most intimidating form of DoS attack, as the Colonial Pipeline found out earlier this year. The sad thing is, that attack happened because of one compromised password.
Can it really be that hard to keep your passwords secure? The truth is there are at least 7 types of password attacks, and it takes a strong, dynamic password management plan to guard against them.
The more well-known attacks include:
- Brute Force: Much like it sounds, numerous guesses are made to crack the password and gain access. A simple but usually automated form of attack.
- Credential Stuffing: Another type of brute-force attack involving trial-and-error using stolen credentials.
- Dictionary: A variation on the brute-force attack that involves commonly used words and phrases and oft-used passwords.
- Man-in-the-Middle: An attack involving the user, the attacker, and a third party. Cyber criminals imitate a legitimate third party, usually via phishing emails that try to convince the user to click on a link leading to an apparently legitimate website, thus allowing the attacker to collect user log-ins.
- Keylogger: Spyware that records the user’s keystrokes.
- Password Spraying: Yet another form of brute-force attack where a large number of common passwords are used on a small number of accounts, even just one.
- Phishing: A versatile attack that can be as simple as one email or as complicated as a multi-step attack involving voice calls.
So how do you protect your company’s passwords? The only choice is to create and carry out a password management plan that is up to date with best practices. This includes:
- Creating lengthy, complicated passwords for every account
- Using multi-factor authentication everywhere you can (this creates an additional barrier to keep out hackers)
- Utilizing a password manager to safely manage and store all passwords
Managing your passwords, limiting access to privileged accounts, and adding layers of security are all things a solid tech partner can do to help back up your plan. Having employees and other company players learn about password security is also a crucial step.
Next we’ll be examining what happens when your company’s website is attacked, and what you can do about it. Stay tuned!