
Are Passwords a Threat to Enterprise Security?

Enterprise security attackers are growing in number and sophistication. Organizations are only one password away from it being their worst day. To that point, is it time to ditch all those annoying, hackable passwords and live in a passwordless society?

Passwords have been the primary method of authentication for decades. While they have served their purpose and served it well, there may be better alternatives for protecting your mission-critical data and digital resources. As technology advances, cybercriminals find new ways to steal corporate credentials, making password security less effective.

In fact, according to a recent study, 81% of company data breaches were due to poor passwords. Password reuse is of particular concern as it could lead to credential stuffing attacks where threat actors take advantage of reused credentials by automating login attempts against systems using known emails and password pairs.

The same report revealed that 80% of hacking incidents were caused by stolen or reused login information.
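Credential stuffing, as described above, looks different in an authentication log from a brute-force run against one account: many distinct accounts, roughly one attempt each, mostly failures. The detector below is an added example (not from the original article); its log format, thresholds and addresses are constructed for illustration.

```python
"""Tell credential stuffing apart from brute force in authentication logs.

Added example (not from the original article). The log format is constructed
for illustration: one space-separated record per line,
    <timestamp> <source-ip> <account> <OK|FAIL>
Adapt collect() to the export format of your own IdP or SSO gateway.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Illustrative thresholds, not vendor-recommended values.
MIN_ATTEMPTS = 5           # ignore sources with fewer attempts than this
MIN_STUFFING_ACCOUNTS = 5  # a stuffing run touches many distinct accounts
MAX_TRIES_PER_ACCOUNT = 2  # ...with only one or two tries per account
MIN_FAIL_RATIO = 0.5       # leaked pairs are mostly stale, so failures dominate

# Constructed sample: 203.0.113.7 replays a leaked email/password list (one
# try per account, one hit), 198.51.100.9 hammers a single account,
# 192.0.2.20 is a user who mistyped once.
SAMPLE_LOG = """\
2023-03-01T08:00:01Z 203.0.113.7 alice@example.com FAIL
2023-03-01T08:00:02Z 203.0.113.7 bob@example.com FAIL
2023-03-01T08:00:02Z 203.0.113.7 carol@example.com OK
2023-03-01T08:00:03Z 203.0.113.7 dave@example.com FAIL
2023-03-01T08:00:03Z 203.0.113.7 erin@example.com FAIL
2023-03-01T08:00:04Z 203.0.113.7 frank@example.com FAIL
2023-03-01T08:00:05Z 198.51.100.9 admin@example.com FAIL
2023-03-01T08:00:06Z 198.51.100.9 admin@example.com FAIL
2023-03-01T08:00:07Z 198.51.100.9 admin@example.com FAIL
2023-03-01T08:00:08Z 198.51.100.9 admin@example.com FAIL
2023-03-01T08:00:09Z 198.51.100.9 admin@example.com FAIL
2023-03-01T08:00:10Z 198.51.100.9 admin@example.com FAIL
2023-03-01T08:01:00Z 192.0.2.20 alice@example.com FAIL
2023-03-01T08:01:05Z 192.0.2.20 alice@example.com OK
"""


@dataclass
class SourceStats:
    attempts: int = 0
    failures: int = 0
    accounts: set = field(default_factory=set)
    succeeded: set = field(default_factory=set)  # accounts that logged in from here


def collect(log_text: str) -> dict:
    """Aggregate per-source counters from the raw log text."""
    stats = defaultdict(SourceStats)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines rather than crash
        _ts, src, account, result = parts
        s = stats[src]
        s.attempts += 1
        s.accounts.add(account)
        if result == "FAIL":
            s.failures += 1
        else:
            s.succeeded.add(account)
    return stats


def classify(s: SourceStats) -> str:
    """Label one source: credential_stuffing, brute_force or benign."""
    if s.attempts < MIN_ATTEMPTS:
        return "benign"
    fail_ratio = s.failures / s.attempts
    tries_per_account = s.attempts / len(s.accounts)
    if (len(s.accounts) >= MIN_STUFFING_ACCOUNTS
            and tries_per_account <= MAX_TRIES_PER_ACCOUNT
            and fail_ratio >= MIN_FAIL_RATIO):
        return "credential_stuffing"
    if len(s.accounts) == 1 and fail_ratio >= MIN_FAIL_RATIO:
        return "brute_force"
    return "benign"


def analyze(log_text: str) -> tuple:
    """Return ({source_ip: verdict}, accounts a stuffing source logged into).

    The second value is the list to act on: those credentials are confirmed
    reused, so force a reset and revoke sessions rather than just blocking the IP.
    """
    stats = collect(log_text)
    verdicts = {src: classify(s) for src, s in stats.items()}
    compromised = set()
    for src, s in stats.items():
        if verdicts[src] == "credential_stuffing":
            compromised |= s.succeeded
    return verdicts, compromised


if __name__ == "__main__":
    verdicts, compromised = analyze(SAMPLE_LOG)
    for src, verdict in verdicts.items():
        print(f"{src:<14} {verdict}")
    print("accounts to reset:", sorted(compromised))
```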

These attacks weren’t on small companies with limited resources and weak cybersecurity protocols. They were on household name enterprises such as Ticketmaster, GoDaddy, Microsoft, SolarWinds, and even the New York City Law Department. In the case of SolarWinds, the hackers could get in with a weak password an intern had been using (“solarwinds123”), which was publicly accessible via a misconfigured GitHub repository.

Not only are passwords less secure, but they are also productivity inhibitors. In another recent report on passwordless security, 45% of respondents indicated that a passwordless approach to security would increase productivity.

In addition to weak passwords and credential reuse, passwords can be a hindrance to enterprise security in several ways:

  1. Passwords can be easily compromised: Bad actors can steal or hack credentials using various methods, such as phishing, brute force attacks, or social engineering.
  2. Password Sharing: Employees may share their passwords with others, which can put enterprise data at risk. Password sharing is especially problematic when employees leave the company or change positions, as they may be disgruntled or their old passwords remain active.
  3. Human Error: Employees may inadvertently reveal passwords through phishing scams or other social engineering tactics, which gives attackers access to enterprise data even if they do not have the correct login credentials.
  4. Lack of Two-Factor Authentication: Passwords alone may not be enough to secure enterprise accounts. Two-factor authentication can add an extra layer of security.
  5. User frustration: Password policies can frustrate users who must remember multiple passwords, adhere to strict complexity rules, and change them frequently.
  6. Cost of password management: Organizations need to invest in password management systems, such as password policies, training, and resets. These systems can be costly and time-consuming.

Given these reasons, enterprises should consider more secure alternatives to password security, such as Zero Trust, biometrics, multi-factor authentication, and certificate-based authentication. As compromised credentials continue to be a common attack vector, it only takes one nefarious login to bring a company to its knees. Of course, enterprises can’t just suddenly pull the plug on passwords altogether, but it is an option worthy of consideration.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Unpacking Wi-Fi Authentication & the Many Instances in Which Companies Got Caught Slipping

Wi-Fi authentication is the process of verifying the identity of a user or device that wants to connect to a wireless network. Corporate networks, especially those in manufacturing companies, retailers, and healthcare organizations, often require strong authentication mechanisms to ensure the security of their data and systems.

There are several methods of Wi-Fi authentication, including:

  • Pre-Shared Key (PSK) authentication: This method involves the use of a shared password that is distributed to all users who are authorized to connect to the network. This is a simple and easy-to-implement method, but it can be less secure than other methods because the password can be easily shared or intercepted. (NOTE: At Portnox, we strongly urge organizations NOT to use PSKs for network authentication and access due to its inherent vulnerability.)
  • 802.1X authentication: This method involves the use of a RADIUS (Remote Authentication Dial-In User Service) server that verifies the identity of users or devices attempting to connect to the network. The server uses a certificate-based authentication process, which is much more secure than PSK authentication.

Wi-Fi Authentication Woes Experienced by Manufacturers

For many manufacturers, Wi-Fi authentication is critical for ensuring the security of the network and the sensitive data that is transmitted over it. The authentication process must be fast and seamless to avoid disrupting production processes. The use of 802.1X authentication is common in manufacturing companies, as it provides strong security and can easily integrate with existing user management systems.

Manufacturing companies are also vulnerable to cyber-attacks that target their Wi-Fi networks. Here are some examples of notable cyber-attacks against manufacturers that targeted Wi-Fi networks:

  • NotPetya ransomware attack: In June 2017, the NotPetya ransomware attack affected several global manufacturers, including Merck, FedEx, and Maersk. The attack exploited a vulnerability in Ukrainian accounting software and spread rapidly, encrypting data on infected machines, and demanding a ransom in exchange for the decryption key.
  • Dragonfly 2.0 attacks: Between 2015 and 2018, a group of hackers known as Dragonfly 2.0 targeted energy and manufacturing companies in the US, Europe, and Asia. The attacks included the use of spear-phishing emails and the installation of malware on targeted systems, potentially providing a gateway to the companies’ Wi-Fi networks.
  • Havex malware attack: In 2013, a group of hackers known as Energetic Bear targeted several industries, including manufacturing and energy. The attacks included the use of spear-phishing emails and the installation of malware known as Havex on targeted systems. The malware was designed to collect data on the systems, potentially including login credentials for Wi-Fi networks used by the manufacturers.
  • Trisis malware attack: In 2017, a malware attack known as Trisis targeted a Saudi Arabian petrochemical plant. The malware was designed to manipulate the plant’s safety systems, potentially causing a catastrophic industrial accident. The attack reportedly exploited vulnerabilities in the plant’s Wi-Fi network.

Retailers Caught with Their Wi-Fi Pants Down

In the retail industry, Wi-Fi authentication is used for both internal and external purposes. Retailers use Wi-Fi networks to provide internet access to their customers, but also to manage their inventory and point-of-sale systems. Strong authentication is important for protecting sensitive customer information and preventing unauthorized access to sales data.

Retailers are also vulnerable to cyber-attacks that target their Wi-Fi networks. Here are some examples of notable cyber-attacks against retailers that targeted Wi-Fi networks:

  • Target data breach: In 2013, hackers gained access to Target’s network through a vulnerability in the company’s HVAC system, which was connected to Target’s Wi-Fi network. The hackers stole data on 40 million credit and debit cards and 70 million customer records.
  • Home Depot data breach: In 2014, hackers gained access to Home Depot’s network through a vulnerability in the company’s Wi-Fi network. The hackers stole data on 56 million credit and debit cards and 53 million customer email addresses.
  • Wendy’s data breach: In 2016, hackers gained access to Wendy’s network through a vulnerability in the company’s Wi-Fi network. The hackers stole data on 18 million payment cards used at Wendy’s restaurants.
  • Forever 21 data breach: In 2017, hackers gained access to Forever 21’s network through a vulnerability in the company’s Wi-Fi network. The hackers stole data on credit and debit cards used at certain Forever 21 stores.

Wi-Fi Hacks in Healthcare that Just Hurt

Wi-Fi authentication is used widely across the Healthcare industry to ensure the security of patient data and to comply with HIPAA regulations. Healthcare organizations require a high level of security for their networks, as the data transmitted over them can include sensitive medical information.

There have been several notable cyber-attacks against healthcare organizations that targeted Wi-Fi networks. Here are a few examples:

  • WannaCry ransomware attack: In May 2017, the WannaCry ransomware attack affected healthcare organizations in the UK, Spain, and other countries. The attack exploited a vulnerability in Microsoft Windows systems and spread quickly, encrypting data on infected machines, and demanding a ransom in exchange for the decryption key.
  • VPNFilter malware attack: In 2018, the US Department of Justice announced that a group of Russian hackers known as APT28 had infected hundreds of thousands of routers with malware known as VPNFilter. The malware allowed the hackers to steal data and control the routers, potentially providing a gateway to the healthcare organizations’ Wi-Fi networks.
  • ShadowPad backdoor attack: In 2017, researchers discovered that the popular CCleaner software had been compromised, with a backdoor known as ShadowPad installed on users’ systems. The backdoor allowed hackers to gain access to sensitive data, potentially including login credentials for Wi-Fi networks used by healthcare organizations.
  • BlueBorne Bluetooth attack: In 2017, researchers discovered a vulnerability in Bluetooth devices that could allow hackers to take control of devices without user interaction. This could potentially allow hackers to gain access to Wi-Fi networks used by healthcare organizations, which often rely on Bluetooth-enabled devices for patient monitoring and other purposes.

If Only They Used 802.1X for Wi-Fi Authentication

As we mentioned earlier, and as some of these hacks will illustrate, 802.1x authentication is considered the most secure WiFi authentication method because it provides a way for the network to verify the identity of each client device that tries to connect to the network. Here are some reasons why:

  • User authentication: 802.1X authentication requires users to provide their unique credentials, such as username and password, before being granted access to the network. This helps ensure that only authorized users are accessing the network and that their activities can be tracked and monitored.
  • Mutual authentication: In addition to verifying the identity of the client device, 802.1x authentication also verifies the identity of the network. This means that both the client and the network have to authenticate each other before allowing access, which helps prevent man-in-the-middle attacks.
  • Dynamic encryption keys: With 802.1x authentication, each client device is assigned a unique encryption key that is used to secure the communication between the client and the network. These keys are dynamically generated, meaning they change frequently, which makes it difficult for attackers to intercept and decode the network traffic.
  • Granular access control: 802.1X authentication allows network administrators to define access policies based on user roles, device types, and other factors. This enables them to control exactly who has access to which parts of the network, reducing the risk of unauthorized access.

Overall, 802.1x authentication provides strong security for WiFi networks by requiring user authentication, mutual authentication, dynamic encryption keys, and granular access control. While it may be more complex to set up and manage than other authentication methods, the extra security measures it provides can help protect against a range of attacks and keep sensitive data and resources safe.


Why Enterprises Must Implement a Third-Party Data Risk Management Strategy

What’s the very last thing a business wants to tell its customers? Without a doubt, it’s that their data may have been compromised due to a third-party vendor data breach.

Today’s cyber landscape is more complex, riskier, and costlier than ever. Most cybersecurity experts and professionals know a majority of cyber breaches are the result of human error. However, they all too often (and mistakenly) associate these human-caused digital infringements as inside jobs – an employee innocently clicks on a malicious link sent via email, or the internal IT guy or gal forgot to perform a software patch or update.

Still, believing an organization’s internal staff is primarily responsible for these breaches could be an even more catastrophic mistake. The one place CISOs and cybersecurity managers often fail to look when it comes to a human-error-caused breach is at their outside, third-party vendors.

Did you know that 60% of all data breaches are initiated via third-party vendors?

To add insult to injury, according to a recent study by third-party cyber risk intelligence provider Black Kite, unauthorized network access is the most common root cause of third-party attacks, initiating 40% of the third-party breaches last year.

There’s a disconnect when it comes to third-party data risk

There is a startling disconnect between an organization’s perceived third-party data risks and the security measures it implements to avoid such threats. As a result, organizations are not taking the necessary steps to reduce remote access threats and are exposing their networks to security breaches and liabilities.

A recent Ponemon Institute study revealed that 44% of organizations surveyed have experienced a breach within the last 12 months, with 74% stating it resulted from giving too much privileged access to third-party vendors.

As businesses increasingly rely on outside vendors for increased efficiency and to provide specialized services such as IT infrastructure management, cloud services, cybersecurity, or any function that requires access and handling of sensitive data and mission-critical resources, they must take into account the consequences of failing to implement a third-party risk management strategy.

According to Gartner, cybercriminals increasingly use third parties, such as software vendors, to attack essential targets. Organizations often have no centralized control over these third-parties. The relationships are often complex and unsecure. As a result, there is an increased risk of data breaches, cyber-attacks, and other security incidents.

Deloitte recently identified three key emerging trends that drive increased third-party risk:

1. Increased incidents related to vendors: Suppliers are causing more disruption, and risks are not being managed. Threat examples include information security, privacy, and anti-fraud management.

2. Regulators are focusing on supplier risk: Regulators are increasing the pressure on organizations to better manage their supply chain risk.

3. Pressures from economic volatility: Economic conditions mean tighter margins for suppliers and an increased risk of supplier disruption.

Because of this grim reality, organizations need to shift their mindset when protecting not only their data but also their customer and partner data.

Shifting the mindset to risk quantification

This mindset shift needs to include risk quantification, in that it not only needs to assess the types of risks out there and any potential vulnerabilities, but to also use it as an indicator of how to manage these risks. A third-party risk management strategy is the best way to quantify which risks your third-party vendors might contribute to.

Here are some reasons why enterprises must quantify the risks and implement a third-party data risk management strategy:

1. Protect sensitive data: Enterprises are responsible for protecting sensitive data, such as personally identifiable information (PII) and financial data. A third-party data risk management strategy can help ensure third-party vendors are properly vetted and adhere to the enterprise’s security procedures, policies and standards.

2. Compliance with regulations: Many industries have regulations that govern the handling and protection of data. Enterprises must ensure third-party vendors comply with these regulations, as they can be held responsible for data breaches.

3. Reputation management: A data breach or security incident involving a third-party vendor can significantly impact a business’s reputation. Implementing a third-party data risk management strategy can help mitigate these risks and protect the enterprise’s public perception.

4. Business continuity: A security incident involving an outside vendor can disrupt business operations and result in significant financial losses. A third-party data risk management strategy can help ensure these vendors have the necessary security controls to prevent such incidents.

Best practices in minimizing third-party data risk

The first step in implementing a third-party data risk management strategy is to identify all vendors your organization works with, including their contact information and the services or products they provide.

Here are some best practices to ensure your third-party vendors remain compliant and that your organization’s protect surface is indeed protected:

1. Assess the risk: Once you have identified your vendors, assess the risk associated with each. This assessment should include the type of data they will be handling, the level of access they will need to perform their job, and the security protocols they have in place.

2. Implement a zero trust policy: Zero Trust is quickly evolving as the go-to cybersecurity defense mechanism to reduce cyber threats. As the threat landscape continues to expand and progress, organizations must implement Zero Trust policies that outline the minimum security requirements vendors must meet to be granted access to your systems and data. This policy should be based on the risk assessment and include access controls, data handling procedures, and security training requirements.

3. Ensure all third-party vendors have their own cybersecurity risk & monitoring plan: Perform a risk assessment of each vendor to determine the policies and procedures they have in place to mitigate a threat. This assessment should include evaluating their security controls, data handling practices, incident detection and response protocols, and compliance with regulatory requirements.

4. Verify that your vendors also follow best practices with THEIR vendors: When it comes to enterprise networking, there are many hands in the pot. To best ensure your vendors are compliant, confirm they have policies and procedures in place to maintain confidentiality, access privileges, and provide security training for their vendors who might have access to your network and data.

5. Monitor vendor activity: Continuously monitor third-party vendor activity to ensure they comply with your security requirements and policies. Implement logging, notification, and auditing procedures to track vendor access and activities. If there is any suspicious activity, investigate and take appropriate action immediately.

6. Foster a culture of cybersecurity: A culture of cybersecurity and awareness throughout your organization and among third-party vendors ensures everyone is on the same page and with the same threat prevention mindset. Provide security awareness training to employees and vendors and encourage them to report any security incidents or concerns.

7. Enforce policies, systems, and procedures: Ensure that the security policies and practices are enforced and that vendors are held accountable for any breaches or violations. You can use contracts and service level agreements (SLAs) to establish vendor accountability.

8. Review and update regularly: Regularly review and update your security policies and practices to reflect any changes in your organization’s security posture or any new threats that may arise.

Vendor security management should be a priority for any business that relies on outside parties to handle and manage its vital business data and networks. A third-party data risk management strategy is essential to maintaining customer trust, so you never have to deliver the dreaded news of a breach. However, it requires a comprehensive approach to security that involves identifying risks, establishing policies, monitoring activities, and enforcing compliance. By following these steps, you can protect your organization from third-party data risks and ensure you meet the evolving threat landscape.


Blazing New Trails In Keeping Your Network Safe


Not to brag, but 2022 was a banner year for us here at Portnox!  Not content with just having an award-winning cloud-native zero trust platform, we had several major releases that continue to raise the bar for zero trust solutions everywhere.

Tackling TACACS+ – as a Service!:

How do you keep network device administration from turning into a nightmare of changing password policies, too many people having too much access, and risking constant device lockouts?   

TACACS+, of course! After all, it’s the industry standard for making device access manageable.  

Portnox released the first ever cloud-native TACACS+ service, which combines Authentication, Authorization, and Accounting (AAA) services with all the benefits of a fully cloud-native platform – e.g. we work with the equipment you have, and no nights wasted for upgrades and patches.   

Our TACACS+ service offers seamless integration with your existing identity provider, as well as key features like privilege levels and executed command logging to make network device administration simpler than ever.  

Shining a Light on the Shadows: IoT Fingerprinting

IoT (Internet of Things) devices are inescapable at this point – everything from your fish tank to your fridge can connect to the internet.  The use cases for these devices span many industries – from IoMT (Internet of Medical Things) which can monitor your health and adjust medication in real-time, to IIoT (Internet of Industrial Things) which can track inventory down to the smallest screw in seconds, to the more familiar consumer IoT which lets you control your window blinds, thermostat, lights, and more from your phone.   

But as useful as these devices are, they present an equal number of security concerns, chief among them being visibility. That’s to say – how do you know when they’re connected to your network?    

Enter IoT Fingerprinting from Portnox – the first ever cloud-native fingerprinting service that requires no on-prem installation or setup whatsoever!  No more having to watch your network slow to a crawl while running a port scanner, or painstakingly troubleshooting how to deploy a listener. You will see your IoT devices and all the information you need – make, model, OS, firmware – and still maintain the magic of a cloud-native solution with no upgrades, patches, or maintenance taking up your free time.  

What’s our secret?  DHCP Gleaning! This is a process by which the switch listens in on DHCP requests when a device joins the network and asks for an IP and extracts information from the request that helps identify the device. Many enterprise switches support this (although they may not call it Gleaning specifically; that’s actually a Cisco term.)  

DHCP Goes Even Further 

While DHCP Gleaning is an excellent method of gathering critical information about your IoT devices, the downside is that not all enterprise switches support it. And that’s another tricky thing about IoT devices – they don’t respond to traditional monitoring protocols, they often ship with all ports closed, and you can’t install extra software on them. So how do you discover and fingerprint them on your network if you can’t take advantage of DHCP gleaning? 

Enter another first – Portnox’s SaaS-based DHCP listener! This makes IoT Fingerprinting truly vendor agnostic, as any switch worth its salt will be able to configure a DHCP helper (sometimes called a DHCP relay agent or forwarder.) With a simple configuration, your device will listen for DHCP and BOOTP broadcasts and forward them to our DHCP listener. And when we say simple configuration, we mean it – here’s a sample from a Cisco IOS router:

Router> enable
Router# configure terminal
Router(config)# interface vlan 2
Router(config-if)# ip helper-address 20.85.253.96

Just 4 simple lines and you’re ready to go. Most devices support the configuration of more than one listener, too, so if you already have one set up for something else you can still take advantage of our cloud-based listener.   
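What a gleaning switch or a relayed-to DHCP listener actually extracts from a DHCP request is shown below: the client MAC (and its vendor OUI), hostname (option 12), vendor class (option 60) and parameter request list (option 55), plus the giaddr field that the ip helper-address relay fills in. This is an added example, not Portnox's code or fingerprint database; the sample packet, device names and signature table are constructed for illustration.

```python
"""Extract device-identifying fields from a DHCP DISCOVER, the way a DHCP
gleaning switch or a DHCP listener behind an ip helper-address relay would.

Added example: not Portnox's code. The sample packet, the signature table and
the device names in it are constructed for illustration only.
"""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131 options area starts after this
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK",
             7: "RELEASE", 8: "INFORM"}

# Constructed signatures: option 55 parameter request lists differ between
# DHCP client stacks, so they identify OS/firmware families. A real deployment
# consults a maintained fingerprint database instead of this toy table.
PRL_SIGNATURES = {
    "1,3,6,12,15,28,42": "ACME embedded camera firmware (constructed)",
    "1,3,6,15,119,252": "generic desktop OS (constructed)",
}


def parse_options(packet: bytes) -> dict:
    """Walk the TLV option area after the magic cookie.

    Stops cleanly on truncated data instead of raising, because cheap IoT
    stacks do emit malformed option areas.
    """
    options = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 0:            # pad
            i += 1
            continue
        if code == 255:          # end
            break
        if i + 1 >= len(packet):
            break                # option code with no length byte
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) < length:
            break                # truncated option value
        options[code] = value
        i += 2 + length
    return options


def fingerprint(packet: bytes) -> dict:
    """Return the fields a fingerprinting service would record for one request."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    op, _htype, hlen = struct.unpack("!BBB", packet[:3])
    if op != 1:
        raise ValueError("not a client (BOOTREQUEST) message")
    chaddr = packet[28:28 + min(hlen, 16)]
    giaddr = packet[24:28]       # set by the relay (ip helper-address), else zero
    opts = parse_options(packet)
    mac = ":".join(f"{b:02x}" for b in chaddr)
    prl = ",".join(str(b) for b in opts.get(55, b""))
    mt = opts.get(53, b"")
    return {
        "message_type": MSG_TYPES.get(mt[0], "UNKNOWN") if mt else "UNKNOWN",
        "mac": mac,
        "oui": mac[:8],          # first three octets identify the NIC vendor
        "hostname": opts.get(12, b"").decode("ascii", "replace"),
        "vendor_class": opts.get(60, b"").decode("ascii", "replace"),
        "param_request_list": prl,
        "relay_agent": ".".join(str(b) for b in giaddr) if giaddr != b"\0" * 4 else None,
        "guess": PRL_SIGNATURES.get(prl, "unknown"),
    }


def build_discover(mac: bytes, hostname: str, vendor_class: str,
                   prl: list, giaddr: bytes = b"\0" * 4) -> bytes:
    """Construct a minimal DISCOVER (test input only; xid is arbitrary)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, 0x3903F326, 0, 0x8000,
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, giaddr,
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = bytes([53, 1, 1])
    opts += bytes([12, len(hostname)]) + hostname.encode()
    opts += bytes([60, len(vendor_class)]) + vendor_class.encode()
    opts += bytes([55, len(prl)]) + bytes(prl)
    return header + MAGIC_COOKIE + opts + b"\xff"


def sample_packet() -> bytes:
    # giaddr is non-zero: this is what the listener sees once the router's
    # ip helper-address has forwarded the broadcast as a unicast.
    return build_discover(bytes.fromhex("001122334455"), "sensor-01",
                          "ACME-IoT-Cam/1.2", [1, 3, 6, 12, 15, 28, 42],
                          giaddr=bytes([10, 0, 2, 1]))


if __name__ == "__main__":
    for k, v in fingerprint(sample_packet()).items():
        print(f"{k:<20} {v}")
```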

Wearing Shades for the Future 

We’re pretty proud of these features, but we obviously have no intention of resting on our laurels.  We have a lot of exciting things planned for 2023 to continue our commitment to protecting your weekends from maintenance and upgrades with a cloud-native, vendor-agnostic, feature-rich, zero trust, network access control platform.  


NIST Releases New AI Risk Framework to Combat Emerging Threats from Malicious AI


For most of history, our species has found creative ways to use technology for both bad and good. For example, we can harness nuclear energy to produce vast amounts of clean energy, helping to reduce our reliance on fossil fuels. But we can also use nuclear power to create devastating weapons of mass destruction.

The same is true for many other technologies. Is the internet a way to unite people and revolutionize how we access information? Or is it a tool for cyberbullying, identity theft, and spreading misinformation? Well, it’s both.  

Now it’s AI’s turn to fall to the dark side. AI has the potential to transform industries, revolutionize the way we work, and improve our daily lives, which is precisely why it has generated so much buzz in recent years. However, it has also caught the attention of cybercriminals intent on using it to create AI malware and AI ransomware, and for a range of other deleterious purposes.

But how exactly are cybercriminals leveraging advanced AI tools like ChatGPT? And what are reputable industry bodies like NIST doing to stop them? Let’s get into it.  

ChatGPT & The State of Malicious AI Today 

OpenAI’s ChatGPT has garnered much attention recently, with the tool reaching over one million users within five days of its launch. But while most people are using it for fun or to improve their workflow, cybercriminals are using it for more nefarious purposes, including:  

Phishing and spamming: Bad actors could use ChatGPT to generate convincing phishing emails or messages to lure victims into clicking on malicious links, downloading malware, or providing personal information. It can even help create convincing-sounding emails impersonating high-ranking individuals, like a CEO.  

Malware development: Cybercriminals could use ChatGPT to create more sophisticated malware that can evade detection by traditional security measures. In January 2023, Check Point Research outlined how both fledgling and seasoned cybercriminals were using the chatbot to create infostealers and encryption tools.  

Scamming: ChatGPT could create convincing scams, such as investment or romance scams, that could trick victims into sending money or providing sensitive information. 

Automated attacks: Cybercriminals could use ChatGPT to write the scripts that automate brute-force attacks or password cracking, making it easier and faster to breach security systems. 

It’s important to note that OpenAI takes measures to prevent its technology from being used for malicious activities, working with law enforcement and security organizations and implementing usage policies. So, for example, if you explicitly ask it to write malware, it will refuse. Still, cybercriminals are finding ways around this. Some developers experimenting with ChatGPT found that if you break the task down and describe the individual steps of the malware instead of asking for it directly, the model will assemble the pieces for you.  

Perhaps the most dangerous thing about ChatGPT from a cybersecurity perspective is that it lowers the bar for anyone to become a hacker. Before AI, there were several barriers to entry: you needed technical skills such as programming and networking knowledge, plus access to specialized tools and resources, often obtained on the dark web. AI is helping bridge these gaps even for people with minimal hacking experience.  

The Rise of AI Malware, AI Ransomware, & Sophisticated Attacks 

While security-conscious companies and security researchers are busy finding new and increasingly advanced ways of safeguarding systems, cybercriminals are busy finding ways to bypass these advancements. It’s a constant game of cat and mouse. And the result? Increasingly sophisticated cyberattacks.  

Cybersecurity researchers have already found evidence of well-known cybercriminal gangs hiring pen testers to help break into company networks. The notorious ransomware gang Conti (who racked up a terrifying $182 million in ransomware payments in 2021) is one such group thought to be reinvesting its earnings into hiring experienced tech professionals.  

A natural next step for cybercriminals will be to hire ML and AI experts to create advanced malware campaigns. Cybercriminals may use AI to automate large portions of the ransomware creation process, allowing for accelerated and more frequent attacks. Beyond that lies true AI malware and AI ransomware: situationally aware malware that analyzes the target system’s defense mechanisms, then learns and mimics everyday system communications to evade detection. 

NIST’s New AI Risk Management Framework 

On January 26, 2023, the National Institute of Standards and Technology (NIST) issued Version 1.0 of its Artificial Intelligence Risk Management Framework (AI RMF 1.0) to help organizations design, develop, deploy and manage trustworthy and responsible AI. But what is this framework all about? 

The AI RMF is divided into two parts. The first part frames the risks related to AI and outlines the characteristics of trustworthy AI systems, while the second part describes four core functions: govern, map, measure, and manage. These functions are further divided into categories and subcategories that help organizations address AI system risks in practice. Organizations can apply them in context-specific use cases and at any stage of the AI life cycle, making them versatile tools.  

Crucially, NIST’s AI Risk Management Framework focuses on changing how we think about AI. It outlines seven characteristics of trustworthy AI, including “Safe” and “Accountable & Transparent,” which are particularly relevant to AI’s use in cybercrime. The “Safe” characteristic emphasizes designing AI systems that do not endanger human life, health, property, or the environment. Meanwhile, the “Accountable & Transparent” characteristic calls for information about an AI system and its outputs to be available to the people interacting with it. That visibility makes it harder for abuse, such as coaxing a model into responses it is meant to refuse, to go unnoticed and unreviewed. 

Final Thoughts 

The growing use of AI by cybercriminals has led to the emergence of new threats, such as AI ransomware and AI malware. These pose a significant risk to organizations and individuals alike. The new NIST AI Risk Management Framework provides a structured, voluntary approach for organizations that build or deploy AI to identify and manage these risks. By following its guidance, organizations can reduce the threats posed by malicious AI and support the development of trustworthy AI systems. As AI technology continues to evolve, organizations must take steps to protect themselves and stay up-to-date with the latest risk management strategies. 
