Preventing the next Malwarebytes breach: Get rid of passwords?
Posted January 27, 2021
- According to a statement from Malwarebytes, the hackers breached the company's internal systems by way of a dormant email protection product within its Office 365 tenant, which allowed access to a limited subset of internal company emails.
- “The Malwarebytes incident highlights that malicious actors are determined and will exploit any weakness in the system they can find – from out-of-use applications to the CEO’s email account. In this case, they gained access through a dormant email protection product,” says expert Shimrit Tzur-David, CSO and co-founder of Secret Double Octopus, a provider of passwordless authentication.
- Poor authentication poses a huge risk to network security that can lead to enormous consequences, Tzur-David notes. “After all, over 80% of data breaches stem from compromised credentials. However, no amount of complex password policies can ever get rid of the biggest weakness enterprises face: the human factor. Of course, humans are not computers, and remembering long strings of complex passwords is difficult. As a result, many people reuse or employ weak passwords – a fact that hackers know and exploit to their advantage.”
- Simply getting rid of passwords is not easy, but doing so would stop hackers in their tracks earlier and lower the risk of being a target.
- Enforcing better policies, such as educating employees and implementing an MFA solution, is crucial.