Why The Human Element Is A Security Concern

Companies that don't take the human element into account when assessing their IT modernization and legacy application requirements could be leaving themselves open to a potential data breach.

Despite a regular drip-feed of media headlines that highlight the importance of a strong or complex password, it appears that people are still blasé about online security. Computer users are constantly being told that hackers are becoming extremely proficient at cracking passwords, so much so that a weak password is basically an open invitation. Let's not forget that those with malicious intent don't just sit down in front of a terminal and randomly input guesses; rather, they are well aware that most people don't take the time to make their personal or workplace passwords as secure as possible.

Weak Passwords Remain Popular

Gizmodo reported that an annual list of the most popular passwords revealed just how welcoming people are to hackers. Security provider SplashData releases its list of common passwords every year and every year the usual suspects are at the top of the chart.

For some inexplicable reason, people still think that "123456" and "password" are strong passwords, while "qwerty," "letmein" and "login" all make the top 15. In addition, "starwars," "football" and the ironic "trustno1" have all become popular in the last 12 months. 

"Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, 'starwars' is a dangerous password to use," said SplashData's CEO Morgan Slain, according to Gizmodo. "Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words."

The 2017 list is based on more than five million leaked passwords, which, the news source said, were predominantly from online accounts in the United States and Western Europe. On the plus side, the list did not include the recent breaches from adult websites or the three billion accounts that were part of the recently revealed 2013 Yahoo hack.

The importance of a strong password becomes even more relevant when you take into account the connected society. As more companies either complete or begin their digital transformation, there is an expectation that enterprise IT will adapt to more stringent cybersecurity protocols. With that in mind, it is reasonable to assume that employees will be made aware that they should not leave the company door open to hackers, especially if those companies have a BYOD policy in place.

Hackers Want To Harvest Information

A recent study by researchers at the University of California, San Diego, found that around one percent of websites had experienced a data breach in the last 18 months, with email accounts often the point of access. Science Daily reported that the research team, which used a digital tool to determine the level of the breach, was surprised to learn that these data breaches were not limited to large companies or popular websites.

"One percent might not seem like much," said computer scientist Joe DeBlasio, a Ph.D. student at the university and one of the authors of the study. "But given that there are over a billion sites on the Internet, this means tens of millions of websites could be breached every year."

The research team said that hackers were rarely using the email accounts to send spam; rather, the accounts were just being monitored for traffic. According to DeBlasio, the main purpose of the hack was to harvest information, such as bank or credit card information and potentially sensitive data.

To complete the study, the researchers reached out to the breached websites' IT security teams to warn them of potential vulnerabilities. Somewhat worryingly, not one of the companies contacted passed this information on to customers.

New Year, New Dangers

As we noted above, data breaches are part and parcel of the digital world that we inhabit. CNN reported that the last 12 months were notable for one bombshell hack after another, with global losses from ransomware and compromised business email scams expected to be in the billions in 2018.

If that prediction holds true, then it becomes even more important that companies take a long, hard look at the security protocols they have in place and, if necessary, make certain that people are aware that easy-to-remember user-generated passwords are not sufficient. And while professing a love of Star Wars can generate the perfect password, it is worth remembering that there are thousands of people who are happy to turn to the dark side to gain access to information. You have been warned.

The Inventu Corporation is ready and waiting to help out. As the computer and software industry has evolved, the need for ongoing IT modernization has become a prime factor for decision makers and business leaders. Moving to Inventu's Flynet Viewer for terminal emulation enables use of the best and latest security options, including multifactor authentication (the best way to avoid password hacks). For more information as to how Inventu can ease the process of updating legacy applications, contact us today or review our product portfolio.