Wednesday, April 5, 2017

The shoemaker's son...

The report of the week

Popular sayings are full of wisdom, and it is always useful to give good advice in the form of a metaphor, whether we are joking or we mean it. Sayings such as "it is the early bird that catches the worm" or others as well-worn as "feast today, famine tomorrow" are classics that we have heard more than once from our parents and grandparents. And although they may sound obsolete, they still apply in both the real world and the cybersecurity world.

Today it is impossible not to remember the saying "The shoemaker's son always goes barefoot" when reading the report collected by our colleagues from Dark Reading. The study carried out by Thycotic gathers the testimonies of around 300 professionals of the sector who attended the RSA Conference in San Francisco, held during the month of February. The main subject of the survey: how cybersecurity experts treat the security of their own passwords.

The most striking fact is that more than half of security experts have not changed their passwords on social networks throughout the year, and even a fifth of them have never done so. In addition, more than one-third of them use their date of birth, postal address or the name of their children or pets for their work passwords.

These practices go against the industry's famous mantra that highlights the need to change passwords frequently and make them as complex as possible. Needless to say, failing to follow that mantra can potentially lead to cybercriminals not only infiltrating the social networks of security professionals, but also possibly using social engineering or phishing against their work accounts.

To better understand why security professionals do not always practice what they preach when protecting their passwords away from work, we must get an idea of the challenges they face in their daily lives. As a general rule, security experts are aware of the potential dangers of single sign-on passwords and know that they should have separate passwords for each account they have, whether the account is professional or personal.

This is where password management tools become essential. However, the vast majority of cybersecurity professionals do not use such tools. Thycotic’s Chief Security Officer, Jason Carson, pointed out that in a landmark survey of more than 1,000 security professionals, taken over a year ago, only between 10% and 20% of participants indicated that they used password management tools.

These figures are worrisome because, according to Forrester, 80 percent of all cybersecurity attacks involve a weak or stolen password. The results of the survey also point to a disconnect within the security industry between security professionals and their own actual security habits.

If we want to give cybercriminals a hard time, those who deal with online security have to be the first to practice what they preach and get their act together to make their passwords safer. However, even if cybersecurity experts forget to protect their social networks, we do not want you to follow their example. That is why we want to remind you of another saying that you have probably heard from your parents: "Do as I say and not as I do."


