Syrian Electronic Army hacks could have easily been avoided

Similar attacks can be prevented with a combination of password vaulting and cloud-based IAM

 Image for Syrian Electronic Army hacks could have easily been avoided

The recent attack on Microsoft’s Twitter account and blog by the Syrian Electronic Army is another high-profile reminder that bad password hygiene coupled with a lack of access control can create weak points in any company’s ability to securely manage their marketing applications.

Marketing and social media apps have proliferated, and it’s critical that any organisation – especially larger organisations with distributed internal and external users  – lock down access to any and all applications.

Hacks that you hear about, like this one on Microsoft, can often be avoided with proper password vaulting or cloud-based Identity and access management solutions.

> See also: The Syrian Electronic Army hacks NYT, Twitter, after breaching web registrar 

Cloud-based IAM makes cloud apps less vulnerable because end users never log directly into the application. Rather, they go through the IAM system first, which can include a second factor of authentication.

Password Vaulting is often combined with an IAM system and is a way of adding an additional layer of protection to web apps like Twitter or in- house content management systems.

By storing the passwords securely server-side and injecting them into an application’s login page during sign-on, there's no reason why a communications staff should ever know his or her password to an app or be able to share it with colleagues.

> See also: The 2014 cyber security roadmap

Since users log into the IAM system, they are much less like to be susceptible to phishing attacks for three reasons: Firstly, they're not in the habit of logging in directly so a hacker's email asking them to do so doesn't match the normal work process.

Second, even if they do click through, they can't enter their details into a phishing page as they don't know them.

Third, companies can add a second factor of authentication to the IAM system like a mobile one time password app. 

 

 

Comments (0)