October 17, 2022
If cybercrime held a popularity contest, password attacks would win first place. Password attacks are a go-to tactic used by cybercriminals to gain access to sensitive data and networks by “cracking” or guessing user passwords and using these credentials to take data (data breach) from networks. Cybercrime is getting more sophisticated each day. The bad news is that cyberattack tactics do not have to be innovative or advanced to be effective. The good news is you can protect your data and stop a breach before it even starts by taking steps to make sure passwords are long and complex, something that everyday people can play a huge role in.
In a word, people. People make passwords weak as we are conditioned into choosing passwords that are easy to type or remember. The same goes for the patterns we use to create passwords. After conducting hundreds of password audits, we’ve found that there are always common trends, such as capitalizing the first character of your password and either ending with an exclamation mark or the numbers one or nine — not to mention the reuse of passwords. According to PC Mag, 70% of people admit they use the same password for more than one account. As a result, they could be more susceptible to compromise if a third-party application were to be breached. Google shares that 43% of adults have shared their password with someone, and only 45% of adults would change a password after a breach.
Password recovery technology has changed over the last decade. With the advent of artificial intelligence (AI) and machine learning, powerful graphics processing units are available from all the main cloud providers as well as specialized AI learning farms. There is also a tactic called a brute-force password attack, which incrementally tries every possible candidate. For example, if you wanted to brute force a four-digit number, you would try every number from zero to 9,999. This means you would need to test 10,000 candidates to say a brute-force attack of four digits was exhausted.
One caveat to a brute-force attack is a dictionary-based password attack. Most attacks use "dictionaries," or lists of every word in a dictionary, to quickly identify passwords, along with what are called "mangling rules," which modify or mangle words to produce other likely passwords (e.g., turning an "o" into "0"). This approach recovers passwords far faster than the cracking times for brute forcing each key space would suggest. And when a password uses common words, it might not even require a brute-force or dictionary-based password attack.
Seasons, years or easily guessable passwords such as ‘Winter2022!’ are commonly used. ‘Winter2022!’ is 11 characters long. In terms of guessing, brute forcing each key space would take a long time. However, common passwords like this one can be recovered instantly. So, with the aid of technology, how long does it take to crack a password? The below infographic illustrates just how little time it can take to crack a password purely on brute forcing each key space, with the related cost to an organization.
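The gap between key space and real guessability can be checked at password-set time. The following is an added example, not code from the original post: it computes the brute-force key space for a password and then tests whether the same password reduces to a common word plus a predictable suffix once simple mangling is reversed. The wordlist, the substitution table and all function names are assumptions made for illustration.

```python
import re
import string

# Constructed sample wordlist; a real audit would load a much larger dictionary.
COMMON_WORDS = {"winter", "spring", "summer", "autumn", "password", "welcome"}

# Undo common character swaps such as "o" -> "0" (assumed, non-exhaustive set).
UNMANGLE = str.maketrans("03@4$5", "oeaass")

# ASCII character classes only; other characters are not counted.
CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)


def brute_force_keyspace(password: str) -> int:
    """Candidates an exhaustive search over the character classes in use must test."""
    alphabet = sum(len(cls) for cls in CHAR_CLASSES
                   if any(ch in cls for ch in password))
    return alphabet ** len(password)


def dictionary_pattern(password: str):
    """Return (word, suffix) if the password is a common word followed by a tail
    of digits/symbols after reversing simple mangling, otherwise None."""
    core, suffix = re.fullmatch(r"(.*?)([\d\W_]*)", password, re.DOTALL).groups()
    word = core.lower().translate(UNMANGLE)
    return (word, suffix) if word in COMMON_WORDS else None


def audit(password: str) -> dict:
    """Combine both views: a large key space does not help if the pattern matches."""
    hit = dictionary_pattern(password)
    return {
        "length": len(password),
        "keyspace": brute_force_keyspace(password),
        "dictionary_word": hit[0] if hit else None,
        "suffix": hit[1] if hit else None,
        "verdict": ("reject: dictionary word plus predictable suffix"
                    if hit else "no known pattern"),
    }


if __name__ == "__main__":
    # Constructed sample passwords, including the two examples from the text.
    for sample in ("1234", "Winter2022!", "P@ssw0rd1", "kV9#tq2Lm@xR"):
        print(sample, audit(sample))
```

A check like this belongs alongside, not instead of, a breached-password blocklist in the password-change flow.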
According to Ponemon Institute, 75% of people said they don’t know how to create a secure password. And good password hygiene (strong passwords) doesn’t just apply to consumers. According to the World Economic Forum 2022 Global Risks Report, 95% of all cybersecurity issues can be traced to human error. Encouraging employees to use strong passwords is also important. The following are a few key best practices that everyday people and organizations can implement to enhance their own cybersecurity, creating a more secure world for everyone:
Updating your passwords to be unique, long and complex is one of the best ways to immediately boost your cybersecurity. Yet, only 43% of the public say they “always” or “very often” use strong passwords. And if you are a “password repeater,” once a cybercriminal has hacked one of your accounts, they can easily do the same across all your accounts. Password manager software can manage all your online credentials like usernames and passwords, storing them in a safe, encrypted database that generates new logins when needed.
One of the biggest reasons individuals repeat passwords is that it can be tough to remember all the passwords you have. According to Ponemon Institute, 53% of people rely on their memory to manage passwords. And the National Cybersecurity Alliance notes that 31% of people keep track of their passwords by writing them down in a notebook. With a password manager, people only have to remember one password. In addition, password managers are incredibly easy to use and can automatically plug in stored passwords when you visit a site. (You can check out password managers and reviews through Consumer Reports.)
Eliminating the human factor from passwords has been the most successful approach I’ve seen an organization implement; however, such organizations still, to some extent, have to use passwords. The challenge is coming up with a solution that removes passwords altogether. The alternative is still a “password,” but one generated by IT using a YubiKey/biometrics or other form of authentication.
One of the best perks to this method is that it gives end users the capability to reset their passwords, and a simple way to enter their credentials into forms with a push of a button. It also provides the end user with assurance that their passwords are secure as they are automatically generated for them. Currently, there’s no known supported biometric system or secondary authentications for enterprise networks due to the nature of single sign on (SSO). In the meantime, everybody can do their part to secure their password by making sure it’s long and complex, thereby protecting their digital assets, online accounts and data.