|Printable version||E-mail this to a friend|
The perils of personal passwords for LinkedIn accounts
Blog posted by: Jim Baines, CEO, 06 July 2016.
Jim Baines, CEO of a major US packaging company, recently made a simple mistake which lead to a cyber-attack on his company and left his clients vulnerable to hackers. Jim’s story is the subject of AXELOS' Whaling for Beginners cyber novellas and, in a new series of blogs, Jim discusses his experiences, what he has learned about the importance of cyber resilience and how individuals and organizations need to be better at detecting, responding to and recovering from cyber-attacks.
My passwords are as old as I am (almost): a brief reflection on the LinkedIn hack.
Every time a news story about a company getting hacked appears, I go cold. The LinkedIn hack is no exception. It used to be that I’d see these stories and think they only happened to huge corporations, not relatively modest enterprises like my packaging company here in Peekskill, NY. But then it did happen to me. And, after what seems like a lifetime, I’m still working hard to recover. You can read my story in Whaling for Beginners.
I got caught out by a bogus email that led me to download an attachment (I thought it was a photo of me triumphing on the 18th hole!) and, well, the rest is… a (horrible) history. The attackers used my company to get to my clients: big multinationals, whose trust in me may never be the same again.
We brought in a security consultant to help. Big bear of a guy called Domenic Rizzo. He quickly let me know I wasn’t alone. Cyber-attacks happen so often we don’t even know about most of them. Nobody is immune – particularly people like me in boardrooms around the world.
Rizzo got up my LinkedIn profile and asked me what my password was. I refused to tell him, thinking that was what I supposed to do when a security consultant asked me what my password was. He smiled, sighed, then typed something - paused - and then typed something else. On the fourth attempt he was in.
I was amazed. “Mother’s maiden name?” he asked (knowing the answer). It was. A lot of my (not very diverse) passwords are that personal. That’s how I remember them, how, no doubt, many of us do. I’d used it in various forms ever since the ‘90s. But Rizzo had done his research and, using nothing more than a common search engine and some basic human psychology, had found enough information to make an educated guess.
“The LinkedIn breach happened four, five years ago,” Domenic told me. “It only came to light beginning of ’16 when someone started selling it on the Dark Web; but odds are most people haven’t changed their passwords since then. So, the information, though old, is still valuable. CEOs need to change their passwords frequently.Especially CEOs. Their passwords are the most valuable.
Sounds simple. But it’s true. Do you know how vulnerable you are? Do you behave like you’re the first line of defence for your company?
Want to be secure? Get the full story: Whaling for Beginners Books I and 2 available now
See our RESILIA™ section for more information about cyber resilience.
Latest News from
What is configuration management and what we can learn from a fridge freezer?01/12/2016 09:20:00
Blog posted by: Richard Josey, The Thebes Group, 30 November 2016.
How can we involve more women in IT?24/11/2016 16:20:00
Blog posted by: Gladys Maina, IT Officer, Jhpiego Kenya, 23 November 2016.
Digital Leaders Salon - Event22/11/2016 12:38:00
Balancing your digital transformation and cyber resilience: the challenge and the opportunity.
Towards convergence: how to overcome silo working in IT22/11/2016 11:20:00
Blog posted by: Simon Kent, Chief Innovation Officer & CIO Advisory, Sollertis, 21 November 2016.