Study Shows Shift In Corporate Network Security Culture

of C-level enterprise executives saidA survey conducted by Opinion Matters indicates C-level enterprise executives are slow to accept Chief Information Security Officers as key corporate decision makers.

Of the roughly 300 C-level executives surveyed, 74 percent indicated they did not feel CISOs deserved a spot at the decision making table. At the same time, 44 percent indicated CISOs are to blame for network security compromises.

The report highlights the struggle companies are facing in the new world of cyber crime. While the cost of attacks are increasing significantly, companies are still evolving in their approach to the issue. The Opinion Matters survey showed that “61 percent of executives do not feel their CISO would be successful in a leadership position outside of information security.”

That leaves companies — executives and CISOs alike — in an interesting position. As noted by the survey’s conclusion, the role of security officers no longer solely relates to network infrastructure — instead, the focus is shifting to the business health of an organization.

“They (CISOs) must realize that as members of an enterprise’s senior leadership team, they have to demonstrate value beyond information security by aligning cybersecurity strategy with business goals — enabling the organization to succeed and reach its strategic objectives,” the conclusion states.

 

 

JonsfaceWant to have a chat about network security and what it means for your company or organization? Call Jon Heyesen, Citon’s Director of Business Development, at 218.720.4435 or email him at jon.heyesen@citon.com.

A Frank Discussion About Password Security

[hupso]
beat-a-dead-horseYou, dear reader, are a responsible password user with perfect password hygiene:

  • You always use a password with a mix of letters, numbers and special characters.  You never use a pet’s name, an anniversary date or “password123.”
  • You never write your password down and leave the note in an unsecured location.
  • You never use the same password twice. You would never use the same password for a banking site as an online newsletter.
  • You strictly follow all password policies handed down by your business, organization and other entities.
  • You never enter your password into anything but a trusted login window that you are certain has not been hijacked by a guy named “l33t PETE.”

Congratulate yourself on your mastery and discipline in the area of password security! If you do not adhere to the list above, we have some work to do. Each point above has thousands of cautionary tales. Did you know…

  • Passwords used online since early March have the potential to have been stolen by a HeartBleed attack.
  • Password guessing (brute force) attacks steal millions of accounts on the Internet every year.
  • Insider threats from coworkers and untrustworthy janitorial services can turn that password on the post-it under your keyboard into a disaster.
  • Once a big site like LivingSocial gets infiltrated and has passwords stolen, the hackers turn around and try those same passwords on banking sites, shopping sites, etc.

Your internal dialogue is probably saying, “What’s the big deal with password security? No one wants access to my Facebook page or work email anyway.” Instead of trying to shame you into protecting against a threat that is hard to predict, here are three useful tips that will make you more secure and make passwords a little less awful:

Use a pass phrase and not a password. Instead of  “d0gFLEA$,” use, “My dog ROGER has no fleas!” There is no doubt which one is easier to remember, but which one is more secure? According to the Brute Force Password “Search Space” Calculator, the “dogFLEA$” password could be discovered within 18.62 hours through an online dictionary attack. “My dog ROGER has no fleas!,” on the other hand, would take 47 hundred trillion trillion centuries to discover through an offline dictionary attack. (Note: There are dictionary attacks that would be faster.)

Use a secure password manager. Instead of writing passwords down or storing them in an unprotected file, use one of the many secure password tools like KeePass. As long as the app uses encryption to save the password and makes you enter a password to unlock, it is much better than a post-it.

Separate passwords by the importance of what they protect. Your bank account should have a unique password, as should your corporate email account. If you are going to be lax, be lax with the things that are not important. Perhaps the password for your free newsletter account and the warranty site for your toaster can be the same.

Passwords are an annoying fact of life.  There are better ways to prove to computers you are who you say you are, but that is for another article.

Paul Hirsch is a Senior Network Engineer for Citon Computer Corp. If you have a question for Paul, use the form below. 





Your Name (required)

Your Email (required)

Your Message