Can You Stop Russian Hackers From Stealing Employee Passwords?
Whether real or perceived, potential threats from Russians tend to get the attention of everyday Americans. That certainly holds in terms of hackers.
It wasn’t long ago that Russian hacker Guccifer 2.0 penetrated the Democratic National Committee and pilfered sensitive emails later published on WikiLeaks. Headline-grabbing cybersecurity breaches such as these have businesses worldwide concerned that a bad actor could penetrate their online defenses. More precisely, industry leaders want to know if network passwords are safe from Russian hackers.
How Great a Threat Are Russian Hackers?
In 2014, Russian hackers collected one of the most massive treasure troves of login credentials. According to the New York Times, they reportedly compiled 1.2 billion username and password profiles linked to credit cards after penetrating 420,000 websites. So prolific were the efforts that they instilled fear across industries that Russian hackers were almost unstoppable.
In 2018, National Security Agency chief Admiral Mike Rogers admitted that U.S. pushback “has not changed the calculus or the behavior on behalf of the Russians,” according to a Tech Republic report. The article, called “Can Russian hackers be stopped? Here’s why it might take 20 years,” highlights the imminent and ongoing threat posed to businesses of all sizes. How significant a risk are Russian hackers stealing your company’s passwords? Huge.
Cybercriminals from a wide range of rival nations, including China, Iran, and North Korea, are also targeting American companies. And then you have independent bad actors sitting in a café in a country with no extradition barraging your employees with phishing schemes, social engineering trickery, or just using blunt-force tools to learn usernames and passwords. The bigger question might be: Are your passwords safe from any of these threat actors?
How to Identify Password Vulnerabilities
For business professionals to determine whether significant password vulnerabilities exist, it’s crucial to re-evaluate existing cybersecurity controls. Ask yourself whether employees are susceptible to any of the following types of password-cracking techniques.
- Dictionary Attack: Automated software tools can be used to run commonly used passwords against a username. These typically include complete words spelled forward and backward as well as consecutive letters on a keyboard.
- Simplicity Attempts: Despite the advanced warnings, a small percentage of people with access to business networks still use passwords that include ABC123 or 12345. Hackers run commonly used passwords to access your network.
- Repetition Attacks: Business leaders are often unaware that employees use the same passwords on their devices and Netflix accounts as they do on company login profiles. Should a Russian hacker gain access to a non-work laptop, cell phone, or home computer, they also have the keys to your system.
- Social Engineering: Sophisticated hackers take the time to leverage information on professional networking platforms, social media, or published biographies to gain a team member’s confidence. This type of long con leads to someone providing login credentials to a third party.
The important takeaway from these and other potential vulnerabilities is that a single gap in your operation’s cybersecurity can result in a stolen password and a debilitating breach. Could a Russian hacker steal one of your staff members’ passwords? Probably.
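As an added example (not part of the original article), the sketch below screens a candidate password against the patterns in the list above: commonly used passwords, dictionary words spelled forward or backward, consecutive keyboard letters, and reuse. The word lists, the `previous` parameter and the four-character run length are assumptions made for illustration.

```python
# Added example: flag passwords that match the weak patterns listed above.
# COMMON and WORDS are small constructed samples; a real deployment would
# load a full breached-password list and dictionary instead.
import re

COMMON = {"abc123", "12345", "123456", "password", "letmein"}   # constructed
WORDS = {"dragon", "monkey", "summer", "welcome", "football"}   # constructed
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "abcdefghijklmnopqrstuvwxyz"]


def has_sequence(pw: str, run: int = 4) -> bool:
    """True if pw contains `run` consecutive row/alphabet characters,
    in either direction (run length of 4 is an assumed threshold)."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def weaknesses(pw: str, previous: frozenset = frozenset()) -> list:
    """Return the reasons a password would fall to the listed techniques.

    `previous` is a hypothetical set of passwords already known to be used
    elsewhere; production systems compare against hashed breach data instead.
    """
    low = pw.lower()
    core = re.sub(r"[^a-z]", "", low)  # drop digits/symbols padded onto a word
    reasons = []
    if low in COMMON:
        reasons.append("common password")
    if core in WORDS or core[::-1] in WORDS:
        reasons.append("dictionary word (forward or backward)")
    if has_sequence(pw):
        reasons.append("keyboard or alphabet sequence")
    if low in {p.lower() for p in previous}:
        reasons.append("reused password")
    return reasons


if __name__ == "__main__":
    for candidate in ["ABC123", "12345", "nogard1!", "Qwerty2024", "vT9#kLm2!rQz"]:
        print(candidate, "->", weaknesses(candidate) or "no listed weakness")
```

An empty result only means none of these specific patterns matched; it does not cover social engineering, which no password rule addresses.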
How to Protect Business Passwords From Russian Hackers
Cybersecurity training and awareness rank among the best first steps to protecting passwords and your digital assets. By enlisting a cybersecurity firm’s services, top-to-bottom company education provides people with heightened awareness to recognize threats and scams. It’s also essential to realize that hackers prey on human error. That’s why high-level protections such as multi-factor authentication are necessary.
Multi-factor authentication (MFA) creates an obstacle for Russian hackers. Even if they figure out a password, digital thieves will also need control of the secondary devices where additional codes are sent, and of the electronic messaging used to authorize access to your system. Teaching employees about password protection can make life difficult for Russian hackers. But password protection systems such as MFA will frustrate their criminal intent.