Move to web-based software increases need for good password management, advises cybersecurity organisation
Credit: PA Images
The National Cyber Security Centre (NCSC) is seeing ‘password spray’ attacks against local authorities where automated attempts are made to access numerous accounts with common passwords, one of its senior officials told an audience of council IT executives.
Peter W, chief technical officer of NCSC Digital, said that the adoption of cloud computing services can boost security as software is updated and patched centrally by the supplier. But its use amplifies the need for good password management, given staff access systems online.
This means organisations should help staff to use strong passwords, rather than making arbitrary demands for ‘complexity’ such as insisting on the use of both letters and numbers. “You are forcing the user to fight that complexity,” said W, whose surname is not publicly disclosed by the organisation.
In April NCSC, a division of signals intelligence agency GCHQ, published a list of the top 100,000 passwords found through security breaches. Several of the most popular consist of a word followed by ‘1’, which would pass a rule insisting on letters and numbers but are insecure given they are so common. W pointed out that many cloud services have built-in security measures that can help tackle such attacks, but they may need activating.
Related content
- What happens during a cyberattack on critical infrastructure?
- Government criticised for ‘failure to coordinate’ on departmental cyber skills training
- Which government department suffers the most data breaches?
NCSC provides Active Cyber Defence services to public-sector organisations which aim to track and resolve common issues actively, mitigate known large-scale problems and fix systemic vulnerabilities in core systems. W said that its Web Check service, which looks for simple misconfigurations in websites, is being used by 97% of local authorities. But he warned that the service should be set to cover all URLs used by organisations rather than just the main ones.
The organisation’s Protective Domain Name System, which blocks public-sector users from visiting websites hosting malicious material, is now used by 222 local authorities, just over half. In the week ending 9 June it handled 2.6bn queries a week, blocking 2.1m attempts to connect to 5,629 malicious domains.
Stressing that most cyberattacks aim to achieve financial gain rather than notoriety, as they are a safer way for criminals to operate than physical action, W said: “Robbing a bank is frankly dangerous. There are guns involved. Someone might get hurt.”
He was speaking at a conference run by digital leaders’ professional network Socitm in Birmingham on 19 June.
Thanks for these pointers. One thing I additionally believe is the fact credit cards offering a 0 rate of interest often lure consumers along with zero interest, instant approval and easy on the web balance transfers, but beware of the main factor that will probably void that 0 easy streets annual percentage rate and to throw anybody out into the bad house quick.
Great web site. A lot of useful information here. I am sending it to some friends ans also sharing in delicious. And certainly, thanks for your sweat!
Wow! This can be one particular of the most beneficial blogs We’ve ever arrive across on this subject. Basically Great. I’m also a specialist in this topic therefore I can understand your hard work.
I’m so happy to read this. This is the type of manual that needs to be given and not the accidental misinformation that is at the other blogs. Appreciate your sharing this greatest doc.
It抯 actually a cool and helpful piece of info. I抦 glad that you shared this helpful info with us. Please keep us informed like this. Thanks for sharing.