What is the Risk List?

Daniel Strain 26-Apr-2019 00:00:00
Password stats

We are becoming more and more dependent on e-commerce and SaaS sites, meaning we have what seems like an endless stream of different passwords.

To make them more memorable it is tempting to use something personal to you and we bet if you take a second to think about your passwords, you’ll probably find that at least one of them contains a family members name, or the year you were born – information that will take hackers seconds to find. There is also a high probability that you have also used one of those passwords across multiple sites, making it even easier for cybercriminals to gain access.

A massive and very exploitable gap in the UK’s personal security knowledge was spotlighted during the National Cyber Security Centre’s ‘UK Cyber Survey‘.

How much do we really know about Cyber Security?

It is time the UK took cyber security more seriously. To put into perspective just how little us Brits seem to know about cybersecurity, here are some of the results collected;

  • Only 15% say they know how to protect themselves from harmful activity.
  • The most regular concern is money being stolen. With 42% feeling is likely to happen by 2021.
  • 89% use the internet to make online purchases. With 39% on a weekly basis.
  • One in three relies on friends and family for help on cybersecurity.
  • Young people were more likely to be privacy conscious and careful of what details they share online.
  • 61% of internet users check social media daily, but 21% report they never look at social media.
  • 70% always use PINs and passwords for smartphones and tablets.
  • Less than half do not always use a strong, separate password for their main email account.

The password ‘123456’ has been found over 23 million times!

The National Cyber Security Centre in collaboration with Troy Hunt released a file containing the top 100,000 passwords from his Have I Been Pwned data set. If you see a password that you use in this list, you should change it immediately. You can also check if you have an account that has been compromised.

How do these figures affect your business?

A common attack strategy is using lists like these when trying to breach a perimeter (password spraying). In a research study that allowed participating businesses to measure how defenceless they would be to a password spaying attack. Figured from the study found that:

  • 75% of the participating organisations had accounts with passwords that featured in the top 1,000 passwords.
  • 87% had accounts with passwords that featured in the top 10,000.

Suggesting that password spraying attacks are more than likely to have some success against these businesses, and many others across the UK. Education is key when it comes to cyber security. The most effective approach your business can take is to educate your team and create a cyber aware culture, this will mean your team avoid using common passwords in the first place.

Contact us today to find out how we can help.