Even the inventor of the World Wide Web can be hacked. What about us?
Even the inventor of the World Wide Web, Mr. Tim Berners-Lee, can have his password stolen. The hackers were able to access IT resources belonging to the organization that governs the Web (W3C). This makes us wonder: Is there a company that isn’t vulnerable to this type of attack?
We all face the same problem: We are only as strong as our weakest link. Stealing the password belonging to a single employee, especially if their access level is high (for example, a manager), is sufficient means for a cyber-criminal to sneak into a company’s entire system.
According to a recent report by the Cloud Security Alliance (CSA), nearly a quarter (22%) of the IT breaches in companies began with asingle password leak. In addition, 65 per cent of the study’s participants believe that there is a medium to high chance that there will be future risks caused by a compromised password.
A fourth of IT breaches began with a single password leak
Like many others, Tim Berners-Lee’s situation could have been easily avoided. If an attacker gained access to the back door of the W3C it was because Berners-Lee repeated passwords. It is possible that he used the same password as the one he used for the IRC chats he used to communicate with his team.
The intruder initially got into the system using Berners-Lee’s information, then the same password opened other access points without problem. It was even possible to sneak into the web’s editing area, retouch the founder’s profile, and leave an encryption seal to prove that the cyber-criminal had been there.
To avoid being in this situation, there’s a simple and effective measure that should be followed by everyone in your company: use a different password for every service. That way, if one of your passwords is stolen, cyber-criminals will not have access to other resources belonging to your company.
Likewise, it’s also important to have a dependable security solution for your business to fall back on, like Panda Adaptive Defense 360, which is able to combat the theft of corporate information against both external and internal threats.