Preventing Cyberattacks in Government Supply Chains

Recent research shows that more than 1 million pairs of emails and passwords for corporate accounts at the 27 largest companies in the defense industrial base are in the hands of cybercriminals. That staggering number doesn’t even account for compromised credentials from hundreds of thousands of smaller businesses that contract with government agencies. Securing these companies in the defense supply chain from cyberattacks is critical to protecting controlled unclassified information that resides on industry systems and networks.  


The Defense Department recently introduced the Cybersecurity Maturity Model Certification, or CMMC. Eventually, all contractors and suppliers doing business with the DOD must meet a minimum level of requirements for a given security level and undergo a certification process based on review by an accredited assessment organization. 


A critical domain of the new certification standards is access control, requiring appropriate tools and processes be in place to prevent unauthorized individuals from accessing sensitive networks and company information. Verizon recently published its annual Data Breach Investigations Report, which indicates that stolen credentials remain the No. 1 hacking tactic used by malicious actors to gain access to “secure” networks and wreak havoc within organizations—and potentially up the supply chain.  


Corporate passwords, particularly for government contractors, should be strong given the assets they protect and the organizations involved, but problems arise when employees reuse their company credentials for personal accounts. SpyCloud research found that 79% of passwords at the largest defense industrial base suppliers were reused across corporate and personal accounts.


New breaches happen every day, and the spoils from these breaches will become available to anyone who ..
