A common thread could be woven through the high-profile data breaches that took place in 2012. Attackers are targeting basic security lapses and configuration errors, or bypassing security systems altogether by using stolen account credentials to appear as a legitimate user on the network.
In this edition of the Security Squad podcast, the SearchSecurity editorial team discusses some of the lessons learned from the top breaches of 2012. From source code leaks to credit card data, from poorly protected email and account credentials to intellectual property, attackers demonstrated that they can get into corporate systems and often remain there undetected for extended periods.
Emerging password alternatives have some complex hurdles to clear before becoming mainstream. Multi-factor authentication is being implemented by more websites, but it needs to be rolled out systematically, and more of an effort needs to be made to encourage people to adopt the protection more broadly.
Security awareness training is essential in reducing social engineering attacks, but the training must be done in a way that makes it personal for the end user. Programs that teach employees how to protect their children and their banking activities could eventually foster awareness and translate into better protection of company data, experts say.
Source link: http://searchsecurity.techtarget.com/news/2240175306/Stolen-credentials-basic-security-lapses-at-core-of-2012-breaches