Joan works at a small, local manufacturing company; her company makes highly specialized chemical testing sensors used in various applications all over the world. Joan’s job is to process orders and make sure that the products are shipped out to the customers on time. She loves her job and would never do anything to jeopardize losing it.
Everyone who knows Joan knows she also loves cats! Recently, Joan joined an online forum for cat lovers. Just about every day, she is online posting videos, reviewing feline-related products, and bragging about her lovable fur babies. A couple of months after joining the forum Joan is at her desk at work and receives a call from a frustrated customer that has not received their shipment. Joan knows this customer well and remembers processing the order. To be sure, she checks her internal systems and everything looks fine. Joan decides to check the shipping company’s site. Upon logging in, she realizes something is very wrong. Many of the shipping addresses for her customers have been changed to a single address in third world countries. Joan immediately escalates to her manager who calls in the IT team and support from their shipping vendor.
What Joan didn’t know was that the cat forum she joined was recently compromised by hackers and all the user profile information was captured. Joan claims to have a terrible memory for things like passwords, so for convenience, she sets all of her passwords to “CatLover123!”. The hackers were able to take Joan’s account information from the forum, cross-reference her LinkedIn profile, and they found out where she worked and what her job was. They attempted to access the corporate systems but were unable to gain access because the IT department has multiple factor authentication (MFA). The shipping company portal is not compatible with the corporate MFA solution, so knowing that Joan worked in shipping, the hackers were able to gain access to the shipping portal and redirect all the current shipments.
How could this have been prevented? The answer is strong password management policies, training, and resources. The following standards provide a minimum baseline for what this should look like. Everyone should be aware of and trained on these standards and whenever possible they should be enforced programmatically.
Additionally, IT should look to implement a corporate password management tool that allows users and system administrators to store, manage, and even share passwords in a secure location. These systems give people like Joan a place to keep various passwords, so they do not re-use the same ones and to help enforce password policies for sites that do not integrate with corporate authentication tools.
CCI Systems Blue Team experts can help your company implement the systemic changes to ensure strong password policies are in place, help manage the rollout and training of your staff, and guide you through the process of selecting and implementing a password management tool.