What, Where & Why?
‘Just’ a password breach can cost you $4.5 million!
Yes, it is shocking, obnoxious, yet true! Recently, a reputed life science and biotechnology company based in the United States of America paid a penalty of $4.5 million to settle regulatory charges that its mandatory security protocols were lax.
A year ago, a cyber incident in the organization compromised the Social Security numbers, health histories, and other information of about 2.4 million patients.
The investigation revealed that –
- The cybercriminals accessed the organization’s network using a pair of login credentials shared among five employees.
- One of those credentials had not been changed for almost a decade.
- There was no defined password management policy, and no sign of automated password generation or rotation in the last few years.
- The victim organization was not complying with the necessary and relevant regulatory standards.
What is the Risk?
A healthcare (more precisely, biotech) organization operating in six countries holds a sea of confidential business and research data. Naturally, it had to manage a vast network user base comprising IT administrators, privileged users, general users, and ad hoc privileged users who continuously access patients’ data, medical histories, and lab research reports. Hence, the risk of a data breach is correspondingly higher.
Passwords are the first gateways to critical IT infrastructure; if they are vulnerable, they can lead to catastrophes. Poor password management can lead to significant risks –
- Data Breaches / Data Loss
- Identity Theft
- Disruption of Services
- Financial Loss (ransomware / non-compliance penalties)
- Phishing Attacks
- Reputational Damage
- Compromised Confidentiality
The Economic Times says that cybercrime is set to cost the global economy more than $3 million in the coming days, and some 80% of these attacks are related to password abuse or password breach. Passwords are the keys to enterprise business assets, and if one is compromised, the confidentiality of those data assets is at stake. The risk multiplies in the case of privileged passwords, where even a single password vulnerability can lead to catastrophic consequences.
What is the lesson learnt and what are the recommendations?
In the above incident, inadequate password management led to disastrous consequences. Enterprise IT environments must follow standard password management practices.
ARCON’s password vault enables organizations to generate complex, randomized passwords for privileged accounts that cannot be easily guessed. It also allows organizations to enforce password policies, such as password expiration and complexity rules, to ensure that passwords are updated regularly and meet the organization’s security standards.
This robust and essential feature of ARCON | PAM (Privileged Access Management) eliminates the need for end users to remember and share passwords and lowers the risk of password misuse. It also provides an audit trail of all privileged account password access, including who accessed the password, when, and for what purpose.
Here are some typical and everyday tactics to ensure password security:
- Always avoid using default admin passwords
- Passwords must never be maintained or shared in Excel sheets
- Implement a mechanism to randomize and rotate passwords at frequent intervals
- All passwords should be vaulted and encrypted
- A well-defined password management policy must be mandatory
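As an added illustration (not ARCON’s code or the page’s own), the following Python script applies the mechanical items above to a constructed credential inventory: it flags credentials that are shared or past their rotation age (the two findings of the incident), generates replacements from the OS CSPRNG against an assumed complexity policy, and records the rotation. The account names, dates and the 90-day and 16-character thresholds are assumptions.

```python
import secrets
import string
from datetime import date

# Constructed sample inventory of privileged credentials (not real data):
# who holds each credential and when it was last rotated.
SAMPLE_VAULT = {
    "db-admin":   {"holders": ["alice", "bob", "carol", "dave", "erin"],
                   "last_rotated": date(2014, 3, 1)},  # shared, a decade old
    "backup-svc": {"holders": ["frank"], "last_rotated": date(2023, 6, 15)},
    "lab-share":  {"holders": ["gina", "hal"], "last_rotated": date(2023, 1, 10)},
}

TODAY = date(2023, 9, 1)  # constructed audit date
MAX_AGE_DAYS = 90  # assumed policy: rotate privileged passwords every 90 days
MIN_LENGTH = 16    # assumed policy: minimum length for a generated password
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def audit_vault(vault, today, max_age_days=MAX_AGE_DAYS):
    """Return (account, finding) pairs for credentials that are stale or shared."""
    findings = []
    for account, rec in vault.items():
        age = (today - rec["last_rotated"]).days
        if age > max_age_days:
            findings.append((account, f"stale: not rotated for {age} days"))
        if len(rec["holders"]) > 1:
            findings.append((account, f"shared by {len(rec['holders'])} users"))
    return findings

def meets_policy(pw, min_length=MIN_LENGTH):
    """Length plus at least one lower, upper, digit and punctuation character."""
    return (len(pw) >= min_length
            and any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in string.punctuation for c in pw))

def generate_password(length=24):
    """Draw from the OS CSPRNG and retry until the policy is met (length >= MIN_LENGTH)."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw):
            return pw

def rotate_stale(vault, today):
    """Issue fresh passwords for stale credentials; returns ({account: new_pw}, updated vault copy)."""
    stale = {a for a, f in audit_vault(vault, today) if f.startswith("stale")}
    new_vault = {a: dict(r) for a, r in vault.items()}
    issued = {}
    for account in stale:
        issued[account] = generate_password()
        new_vault[account]["last_rotated"] = today
    return issued, new_vault
```

In a real deployment the issued passwords would be written straight into the encrypted vault and the audit findings fed to the access log, never printed or stored in a spreadsheet.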
The Bottom-Line
There is no alternative to secure password management. Inadequate or irrelevant password protection measures expose enterprises to the risk of permanent loss of their integrity.