"#BeCyberSmart” means being aware of how to conduct business – whether professional or personal – safely online, which is exactly what M3AAWG has been working to do. We have joined forces to support the October Cybersecurity Awareness Month.
Most of us now conduct most business online, whether online commerce, healthcare tools, sharing photos, or scheduling. Despite all the benefits of our online communities, they also attract bad actors.
For example, the highly regarded Verizon Data Breach Investigation Report found 61 percent of data breaches used compromised credentials (don’t share passwords is one tip here!). More than half of IT leaders believe employees have relaxed their cyber safety practices since the work-from-home surge (Tessian survey). And nearly two-thirds of companies have more than 1,000 sensitive files left open to every employee (Varonis).
M3AAWG has provided a number of resources related to multifactor authentication,which can help prevent some attacks and breaches. Publications from M3AAWG offer advice on password managers and MFA.
In the upcoming general meeting 53, M3AAWG wilL address little-known tricks and challenges with a hands-on table top exercise in which participants will step through the logic of a limited set of account takeover, account recovery, and hygiene scenarios. This training includes the visceral experience of how both multi-factor and password managers fail to protect accounts when your organization login flow is designed with loopholes and vulnerabilities currently overlooked by some of the world's largest companies. We will also examine the benefits of more robust recovery flow logic, and contrast the features and dangers of three free authenticator apps. Scenarios will run from three perspectives: asset organization, attacker, and user.
These kinds of practices inevitably lead to attacks, malware, ransomware and other incidents. More info and recommendations are available at Cybersecurity Awareness Month, organized by the National Cyber Security Alliance with more info at https://staysafeonline.org.