View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 24, 2014

Is your poor security hygiene attracting scum?

Latest hack by the Syrian Electronic Army highlights need to improve password security.

By Duncan Macrae

A security expert has warned that people need to improve their ‘password hygiene’, following revelations that the Syrian Electronic Army hacked CNN’s social media accounts yesterday.

Along with a number of the news agency’s social media accounts, blogs were also said to have been compromised.

Thomas Pedersen, CEO of identity management firm OneLogin, said that password security for public-facing apps such as these is an issue that is often overlooked.

It is only when high-profile accounts get hit that the bigger problem around management and control of cloud applications gets looked at, he added.

"The recent attack on CNN’s Twitter Account and Blogs by the Syrian Electronic Army is another high-profile reminder that bad password hygiene coupled with a lack of access control can create weak points in any company’s ability to securely manage their marketing applications," Pedersen explained.

"Marketing and social media apps have proliferated, and it’s critical that any organisation – especially larger organisations with distributed internal and external users – lock down access to any and all applications."

"Hacks that you hear about, like this one on CNN, can often be avoided with proper Password Vaulting or cloud-based Identity and Access Management solutions. Cloud-based IAM makes cloud apps less vulnerable because end users never log directly into the application. Rather, they go through the IAM system first, which can include a second factor of authentication."

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Password Vaulting is often combined with an IAM system and is a way of adding an additional layer of protection to web apps like Twitter or in- house content management systems. By storing the passwords securely server-side and injecting them into an application’s login page during sign-on, there is no reason why a communications staff should ever know his or her password for an app or be able to share it with colleagues, according to Pedersen.

"Since users log into the IAM system, they are much less like to be susceptible to phishing attacks for three reasons," he added. "Firstly, they’re not in the habit of logging in directly so a hacker’s email asking them to do so doesn’t match the normal work process. Second, even if they do click through, they can’t enter their details into a phishing page as they don’t know them. Third, companies can add a second factor of authentication to the IAM system like a mobile one time password app."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.