Let’s be perfectly honest: nobody likes passwords. It’s the primary reason why the most commonly used passwords are as simple as they come - many of us feel as though we’ve got better things to do than memorise dozens (if not hundreds) of unique and secure passwords.
That’s why 30% of internet users utilise password managers to store their passwords and remove the need for password memorisation.
However, there’s only one constant in cybersecurity: technology can’t save us.
The recent LastPass incident is a prime example of why technologies must be paired with strong cybersecurity foundations. So, join us as we share what happened in the breach, what we can learn, how to create strong passwords and promote cybersecurity awareness training for employees.
LastPass is, by far, the most popular password management tool in the world. Commanding more than 21% of the market, its pitch is simple: one secure location for all of your passwords across every device.
However, in August 2022, the company announced that it had suffered a data breach, indicating that it was a minor and contained incident. What has followed has been a slow-moving disaster. Here’s the timeline of events so far:
While LastPass quickly responded to the incident and has maintained regular updates since, resetting the passwords of affected accounts and prompting all users to update their master passwords, it’s an eye-opening incident.
The LastPast breach highlights that even password managers, which are supposed to be the ultimate defence mechanism against password-related cyber attacks, can’t protect your data completely.
Join the thousands who've discovered how Bob's Business' security and compliance awareness training reduces risk, demonstrates improvement and builds cultures.
The LastPass data breach serves as a valuable lesson for individuals and organisations on the importance of taking cybersecurity seriously. Here are some key lessons we can learn from this incident:
Password managers are useful for generating and storing strong passwords but are not immune to attacks. This breach demonstrates that a single compromised password can lead to multiple account breaches. In this case, the compromised developer account meant that the threat actors could gain access to everything they needed.
Therefore, it is essential to implement additional security measures and monitor password manager accounts regularly.
Multi-factor authentication adds an extra layer of security by requiring users to provide additional information, such as a fingerprint or code sent to their mobile device, in addition to a password. Implementing multi-factor authentication can make it much harder for hackers to gain access to user accounts.
Cybersecurity is not just an IT issue; it is a business issue that requires the involvement of all employees. Cybersecurity awareness training for employees can help to prevent human error that can lead to a breach. Educating employees on identifying and preventing cyber attacks can go a long way in improving an organisation's overall security.
Cyber threats are constantly evolving, and organisations need to regularly review and update their security policies to ensure they are up-to-date and effective in mitigating the latest threats.
The LastPass incident is a prime example of why we should not rely solely on technology to protect our passwords. While password managers are an excellent tool for generating and storing strong passwords, they can also become a single point of failure.
If a hacker gains access to a password manager account, they can potentially access all of the user's accounts that are stored in the password manager.
Furthermore, no system is entirely secure. A determined and skilled hacker can bypass even the most advanced security measures.
Therefore, it's important for all of us to equip ourselves with the knowledge of how to create strong passwords and promote cybersecurity awareness training for employees.
Creating a strong password is one of the most effective ways to protect your online accounts. Here are some tips on how to create a strong password:
At Bob's Business, we know that cybersecurity training is essential to protect your organisation. That's why we offer engaging and tailored online cybersecurity training to empower all team members to recognise and respond to cyber threats, protecting your organisation from the 90% of breaches caused by human error.
Our training is designed to be bite-sized, interactive, and easily integrated into your busy schedule. Additionally, our engaging content ensures that your team stays motivated and focused throughout the training process.
Act now to protect your organisation and customers from cyber threats by exploring our comprehensive range of cybersecurity awareness training products. Click here to start reducing your risk today.