Latest news with #MFAs
Yahoo
14-05-2025
- Yahoo
FBI gives input on recent uptick in cyber attacks
FARMERSBURG, Ind. (WTWO/WAWV)— WTWO reached out to ask the FBI for any tips to deal with the recent uptick in cyber crimes across the Wabash Valley. The FBI responded by stating that from 2021 to 2023, the Healthcare and Public Health sector had been the main target for cyber attacks until 2024, when they fell to second place behind critical manufacturing, according to the Internet Crime Complaint Center's annual reports. Here is a list of good practices the FBI recommends to avoid attacks like these. Enable Multi-factor Authentication Use strong passwords and save them with a password manager Change default credentials for software and hardware products Keep all your hardware and software up to date Avoid clicking on suspicious links Consider proactively freezing your account To start, the FBI says that using Multi-factor Authentication (MFA) can significantly reduce the likelihood of your accounts being compromised. Using an MFA will require a combination of credentials to log into an account. They recommend using a combination of the following for your login. Something you know: like a password or Personal Identification Number (PIN) Something you have: like a smart card, mobile token, or hardware token Some form of biometric factor (e.g., fingerprint, palm print, or voice recognition). For additional information on MFAs, you can visit here. Secondly, the FBI recommends strong passwords. Some examples of how are long passwords of at least 16 characters, using a random string of mixed-case letters, numbers, and symbols, or a short phrase of random words, or creating unique passwords, one per account. They also recommend using a reputable password manager to generate and store passwords. Many such systems are already on most newer devices. Third, the FBI stated that most hardware and software come with default usernames and passwords that are easy to exploit. Default passwords may even be labeled on the device or readily available online. Fourth, many individuals who commit cyber attacks do so through known vulnerabilities in systems to attack sometimes in as little as one to two weeks after being patched. The FBI recommends always having your system software, applications, and firmware up to date and turning on auto updates. They also state that if a piece of software or hardware (such as Windows 10) is no longer supported, replace it as soon as possible. Next, the FBI recommends never clicking on suspicious links that can come in the form of emails, direct messages, and social media posts. This can be used to gain access to information or infect your device with malware. When these attacks happen, many hackers will then use stolen credentials to log into your sensitive accounts and access your data or money if they aren't secured with a multi-factor authentication. These attacks can also result in someone unwittingly downloading malware that damages their system or installs ransomware that holds their computer captive. Finally, if all else fails and you believe that your personal information has been stolen, the FBI recommends placing a credit freeze to protect yourself from fraud. A credit freeze will put a restriction on access to your credit report and will keep creditors from being able to approve new credit accounts in your name. To let lenders and other companies access your account again, you'll either need to temporarily or permanently lift the freeze. You can freeze or lift a freeze on your credit report for free by contacting Equifax, Experian, and TransUnion. For more information and links to those companies, you can click here. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Business Upturn
01-05-2025
- Business Upturn
INE Security Alert: World Password Day 2025 Cybersecurity Training Insights
By GlobeNewswire Published on May 1, 2025, 15:02 IST Cary, NC, May 01, 2025 (GLOBE NEWSWIRE) — INE Security, a leading global provider of hands-on cybersecurity training and cybersecurity certifications, today released expert analysis on the current state of password security and security team training best practices as organizations recognize World Password Day on May 1, 2025. Threat intelligence data shows that password vulnerabilities continue to be the favorite target for hackers worldwide, despite years of warnings from security experts. While companies keep investing in advanced security tech, the humble password remains the front door to most organizations—and too often, it's a door with a broken lock. 'It's concerning to see password-related breaches still dominating security incidents despite all the technological advances,' said Dara Warn, CEO of INE Security. 'What we're finding is that there's a persistent gap between security training and implementation—teams know what they should be doing, but putting that knowledge into practice remains challenging. That's why we're emphasizing practical, hands-on cybersecurity training that transforms security knowledge into meaningful action.' INE Security's analysis reveals three critical password security trends for 2025: Credential Stuffing Attacks Are Getting Worse According to The Hacker News, stolen credentials topped the charts as the #1 attack method in 2023/24, with credential stuffing attacks leaving a trail of damage. These attacks are behind 80% of web application breaches. According to The Hacker News, stolen credentials topped the charts as the #1 attack method in 2023/24, with credential stuffing attacks leaving a trail of damage. These attacks are behind 80% of web application breaches. People Just Aren't Using Password Managers Despite all the evidence showing they work, password manager adoption remains stubbornly low. Analysis from JumpCloud found that 83% of enterprise organizations use MFAs, but that drops to a mere 60% for smaller businesses. Even more concerning, 2024 research shows only 36% of people use password managers at all—just 2% more than last year—while more than half are still relying on their memory to keep track of credentials. Despite all the evidence showing they work, password manager adoption remains stubbornly low. Analysis from JumpCloud found that 83% of enterprise organizations use MFAs, but that drops to a mere 60% for smaller businesses. Even more concerning, 2024 research shows only 36% of people use password managers at all—just 2% more than last year—while more than half are still relying on their memory to keep track of credentials. Hackers Are Getting Better at Bypassing MFA Multi-factor authentication has improved, but phishing campaigns designed to steal those verification codes have gotten much more sophisticated. Keepnet Labs found that 15-20% of phishing attacks are now specifically crafted to get around MFA protection. Addressing these vulnerabilities requires comprehensive cybersecurity training that prepares teams for real-world threats. The Security Training Reality Gap INE Security recommends a fresh approach to security training to fix these problems and strengthen password protection: Make Training Count: Ditch the annual checkbox compliance training for realistic cybersecurity training scenarios that mirror actual credential attacks. IBM found that top-performing companies are 68% more likely to provide effective training compared to low performers. Teams with proper training save around $70,000 annually and are 10% more productive. Get Hands On with Real Practice: Set up security labs and cyber ranges where people can experience simulated password attacks firsthand, building critical skills for their cybersecurity career. Studio found that employees who face simulated attacks develop deeper understanding that sticks with them and keeps them motivated to stay vigilant. Train, Practice, Certify, Repeat: Don't just train once and forget it. Companies with structured, ongoing training see 218% higher income per employee than those that train sporadically according to Keepnet. Build Security Into Your Culture: Close the gap between security knowledge and actual practice by making security part of your company's DNA. A report conducted by INE Security found cybersecurity training programs are the most effective way to keep organizations secure in a cloud-dependent landscape. 'The data consistently shows that organizations investing in comprehensive, hands-on security training achieve measurable improvements in their security outcomes and realize significant returns on that investment,' Warn concluded. 'On World Password Day, I encourage security leaders to thoughtfully evaluate their current training approaches and consider how they might better develop the practical skills their teams need to address today's sophisticated password-based threats.' About INE Security: INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security's suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career. Disclaimer: The above press release comes to you under an arrangement with GlobeNewswire. Business Upturn takes no editorial responsibility for the same. GlobeNewswire provides press release distribution services globally, with substantial operations in North America and Europe.
