Cybersecurity is a major concern for organizations and businesses in all sectors of society. The predominance of digitally stored information presents a bonanza for unscrupulous cybercriminals to pillage for illegal gain. Data breaches are announced weekly and you can be sure that many more occur and are not announced by the victims. The average cost to companies hit by a data breach is close to $4 million.
For hackers to steal your data, they need to get into your systems. Since you are probably not inviting them in willingly, this means that achieving unauthorized access is the primary goal of cybercriminals. Gaining entry into a system with a compromised password is what every hacker is trying to achieve. They use a variety of methods to try and obtain this critical piece of information.
Types of Password Attacks
Hackers employ a number of methods in their attempts to obtain login credentials with which to gain entry to an enterprise’s IT environment. Here are some of the ways that your systems may be under attack at this moment by individuals or coordinated teams of cybercriminals.
- Brute force attacks are conducted with computer programs that try different combinations of characters in the hope of cracking the password. There are many different tools used in this type of attack.
- A dictionary attack uses a base file or dictionary that contains commonly used passwords in an attempt to subvert security. These types of attacks are successful due to users’ continued use of trivial and easy to guess passwords.
- Intercepting data as it travels across networks is another method with which hackers try to steal credentials. This highlights the importance of encrypting data as it is transmitted, but cybercriminals can use tools that attempt to decrypt the information and get what they want.
- Phishing expeditions are another tactic used by hackers to separate you from your data. The main tool is an email that appears to be legitimate, perhaps from someone in your organization. It may contain a link, file or request for login information for a designated system. If a user clicks on the link or file it usually results in malware that will attempt to steal credentials. You should never reply to an email with login information if there is any chance that the sender is misrepresenting their identity.
- Password spraying is a methodical attack technique that uses common passwords to attempt logins across numerous accounts. It is being used to target single sign-on accounts and cloud applications. The slow and steady nature of this kind of attack enables hackers to get around accounts being locked for failed logins.
- Credential stuffing is an attack method that makes use of the fact that many people reuse the same passwords for multiple accounts. Hackers will use previously stolen credentials to try to access other accounts associated with a particular user.
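The difference between a brute force attack and password spraying shows up clearly in failed-login records. The following Python sketch is an added example, not code from any product mentioned in this article: it shows that a per-account lockout counter catches the brute force run but never sees the spray, which has to be detected by counting distinct accounts per source. The thresholds, the event layout and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5            # assumed per-account lockout policy
SPRAY_MIN_ACCOUNTS = 10          # assumed: distinct accounts from one source
WINDOW = timedelta(hours=1)      # assumed correlation window

def build_sample():
    """Constructed failed-login events: (timestamp, source, account)."""
    t0 = datetime(2024, 1, 1, 9, 0)
    events = []
    # Brute force: 8 rapid failures against a single account.
    events += [(t0 + timedelta(seconds=i), "198.51.100.7", "alice") for i in range(8)]
    # Spray: one guess per account, every 3 minutes, across 12 accounts.
    events += [(t0 + timedelta(minutes=3 * i), "203.0.113.9", f"user{i:02d}")
               for i in range(12)]
    # Ordinary user mistyping a password twice.
    events += [(t0 + timedelta(minutes=m), "192.0.2.44", "bob") for m in (5, 6)]
    return events

def locked_accounts(events):
    """Accounts a per-account failure counter would lock (counted over the whole sample)."""
    failures = Counter(account for _, _, account in events)
    return {a for a, n in failures.items() if n >= LOCKOUT_THRESHOLD}

def spraying_sources(events):
    """Sources that hit many accounts within WINDOW while staying under lockout on each."""
    by_source = defaultdict(list)
    for ts, source, account in sorted(events):
        by_source[source].append((ts, account))
    flagged = {}
    for source, hits in by_source.items():
        start = 0
        for end in range(len(hits)):
            # Slide the window so it never spans more than WINDOW.
            while hits[end][0] - hits[start][0] > WINDOW:
                start += 1
            per_account = Counter(acct for _, acct in hits[start:end + 1])
            if (len(per_account) >= SPRAY_MIN_ACCOUNTS
                    and max(per_account.values()) < LOCKOUT_THRESHOLD):
                flagged[source] = max(flagged.get(source, 0), len(per_account))
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("locked by per-account policy:", locked_accounts(sample))
    print("spraying sources (distinct accounts):", spraying_sources(sample))
```

Only the brute-forced account trips the lockout policy, while the spraying source is identified solely by the number of distinct accounts it touched.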
As you can see, there are many ways through which hackers are attempting to steal login information to break into computer systems. What measures can be taken to minimize their chances of success?
Proper Password Management
Managing your passwords is the first line of defense against data breaches caused by password attacks. While password policies can be dictated by management, it is up to individual users to follow them to help keep the organization’s data safe. Here are some steps you can take to make it harder for hackers to compromise your credentials.
- Create a strong password – At a minimum, a strong password should be made up of eight characters with a mixture of alpha-numeric and special characters.
- Avoid obvious passwords such as simple words, pet names, and birthdays. Dictionary words should also be avoided as they will show up in the hackers’ dictionaries when they conduct attacks.
- Use a password strength tester before implementing a new password. It can help identify weak passwords before a hacker does.
- Use different passwords for different accounts so if one of your accounts is compromised a hacker cannot run wild through all of your other systems.
- Change passwords frequently and avoid reusing the same sequences when selecting a new password.
Securing Your SQL Databases from Password Attacks
IDERA’s SQL Secure is an effective tool for performing security checks on your SQL Server databases. It contains many features which allow you to ensure that the right individuals are accessing your systems and that they are conforming to strong password requirements. With SQL Secure you add another layer of protection to your current security environment.
Two features in particular address passwords and unauthorized access. Weak password detection checks SQL Server logins and alerts you to weak or blank credentials that allow easy access to your systems. This allows you to ask specific users to change their password habits. You can also run an analysis to identify the level of permission and group membership of your database users. Using this feature lets you ensure that the proper level of access has been granted and close any potential issues posed by excessive privileges.
The emphasis on security is only going to get stronger as hackers develop new means with which to attack organizations. It’s in your best interest to lock down your systems using all the tools at your disposal. SQL Secure can help keep your databases and the information they contain safe from prying eyes.