Diary of a Security Operations Centre Agent: Week 2
Guess what day it is? Yep, it’s another security incident day.
As a Security Operations Centre (SOC) Agent, it shouldn’t come as a surprise that I deal with security breaches quite a lot.
But what surprises me most is that the most common reason for the majority of these incidents is human error.
Maybe I shouldn’t be. According to a report, human error contributes to 82% of security breaches. Can you believe that? 82 per cent! So there you go. Hackers have another victim today.
What’s the reason for today’s breach? It’s so obvious, yet most of us tend to ignore it.
Drumroll, please… Reusing passwords across multiple websites! Yes, we’re almost in 2024, and you might think it’s common knowledge now not to use the same password for multiple accounts, but unfortunately, it’s not.
Too often, a less secure site is breached by bad guys, who steal all the users’ passwords and then try those passwords on extremely secure sites like banks. If you’ve used the same password for everything from a public Wi-Fi login to your online banking, you are really exposed.
Sure, you might be a pro at dodging phishing attempts and avoiding malicious links, but hackers have an arsenal of tricks up their sleeve, and phishing is just one of the ways to gain access to your system.
If your password is as common as ‘12345’, it’s most definitely lounging on the dark web. Or if your account has been breached once, and the password hasn’t been changed since then, again, hackers can easily access this from the dark web.
Criminals get hold of username-password pairs from the dark web and test them on various platforms using a tool. And voila, in no time, they are in.
They can access multiple accounts using the same stolen credentials if one account is compromised. You make the life of a hacker really easy if you end up reusing passwords across sites. In this case, our victim surely did.
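How the credential-testing pattern described above looks from the defender's side, as an added example that is not part of the original diary: a small Python detector run over constructed login log lines. The log format, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): ISO time, source IP, username, result
SAMPLE_LOG = """\
2023-11-20T09:00:01 203.0.113.7 alice FAIL
2023-11-20T09:00:02 203.0.113.7 bob FAIL
2023-11-20T09:00:03 203.0.113.7 carol FAIL
2023-11-20T09:00:04 203.0.113.7 dave OK
2023-11-20T09:00:05 203.0.113.7 erin FAIL
2023-11-20T09:00:06 203.0.113.7 frank FAIL
2023-11-20T09:00:07 198.51.100.4 grace FAIL
2023-11-20T09:00:30 198.51.100.4 grace FAIL
2023-11-20T09:00:55 198.51.100.4 grace OK
2023-11-20T09:05:00 192.0.2.10 heidi OK
"""

def parse(log):
    """Group (time, user, success) tuples by source IP, skipping malformed lines."""
    events = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ip, user, result = parts
        events[ip].append((datetime.fromisoformat(ts), user, result == "OK"))
    return events

def detect_stuffing(log, window=timedelta(seconds=60), min_users=5, min_fail_ratio=0.8):
    """Return {source_ip: accounts that logged in successfully from that source}."""
    findings = {}
    for ip, evs in parse(log).items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            burst = evs[start:end + 1]
            users = {u for _, u, _ in burst}
            fails = sum(1 for _, _, ok in burst if not ok)
            # Many different usernames, mostly failing, from one source: stuffing pattern
            if len(users) >= min_users and fails / len(burst) >= min_fail_ratio:
                # Any success from this source is an account whose reused password worked
                findings.setdefault(ip, set()).update(u for _, u, ok in evs if ok)
    return findings

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

The single user retrying their own password from 198.51.100.4 is not flagged; the accounts returned for a flagged source are the ones to lock and reset first.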
Now, what’s the solution?
It’s hard to remember a gazillion passwords for so many different websites. I completely get it.
You can use a password manager, but they are equally vulnerable to getting hacked, so choose one from a trusted provider that offers strong encryption. And follow best practices for securing your password manager, just as you would for any other website.
Or, have an offline password manager that offers better security than those that store your data on the cloud. But really, nothing can save you if your password is still ‘password123’.
What happens when an attacker gains entry to your system? They’ll try to move laterally to elevate their privileges and access machines where more sensitive information is stored.
So I have to run and stop them before that. And think about ongoing security training sessions for everyone.
That’s it for today.
Until next time, stay secure and savvy!