phished password

by Kevin Lancaster

Security Awareness Training Isn’t Exciting – But You Don’t Want the Kind of Excitement That Twitter Just Experienced Because of a Phished Password.

When we first heard about the Twitter hack, questions and speculation started flying around the cybersecurity world. Was it state-sponsored attackers? Political groups? A gang of professional cybercriminals? Considering the size and scope of the hack and the high profile of the targets, not to mention the security expectations for a company like Twitter, experts immediately assumed that the hack was highly organized and technologically advanced. But they were wrong – one phished password was to blame. The mastermind behind the Twitter breach was a 17-year-old kid who successfully phished and caught a privileged employee password.

How Did the Humble Password Cause Havoc at Twitter?

The process that this hacker used to get his hands on a useful employee password for Twitter was laughably simple – phishing. Specifically, spear phishing. In a recent update on the incident, Twitter noted that the hacker/s gained access to an account management dashboard by using social engineering and spear-phishing (including attacks on smartphones) to obtain credentials from Twitter employees that allowed them to access internal systems.

How Can You Prevent This from Happening to You?

Security awareness training, including phishing resistance and credential handling, isn’t very glamorous. But cybersecurity risk involving user error is not something that can be solved without it. People can and will make mistakes, and as long as users are accessing systems and data, they need to be trained in security awareness and risk management to avoid potentially devastating (and embarrassing) incidents like this one.

A Successful Phishing Attack Led Directly to This Breach. Improve Your Staff’s Phishing Resistance.

Training your employees to resist today’s #1 security threat, phishing attacks, is the biggest long-term improvement in security that you can make. Over 90% of attacks that end in a data breach start with phishing, and a huge increase in phishing attacks means that your staff is putting your business at risk with every email (or company SMS text or instant message) that they handle. Not to mention, phishing is the most common delivery system for ransomware. Just like Twitter, your company is 1 click away from a cybersecurity disaster.

BullPhish ID quickly increases employee phishing resistance, creating awareness of unexpected phishing threats, including COVID-19 threats. Perfect for in-office or remote training, easy management tools enable set-it-and-forget-it training for customizable groups of users. Our constantly updated plug-and-play training content includes over 80 complete phishing resistance training kits and 50 security video campaigns – with 27 videos available in 8 languages.

Take a look at how our cost-effective, up-to-date, phishing resistance training quickly reduces your risk of ransomware or compromise through email.

See BullPhish ID at work in a 10-minute demo video

Does Your Staff Really Know Better Than to Share Their Passwords? Boost Password Security With Automated Protection.

Password security is an ongoing problem for every company. One compromised password was enough for these hackers to access sensitive systems at Twitter, allowing them to manipulate user accounts and see confidential data. Recycling and reuse raise risk – 48% of workers use the same passwords in both their personal and work accounts. That is a big problem, because compromised passwords cause 81% of data breaches.

Passly helps solve your password security problem by providing additional security that blunts the impact of a compromised password with one simple but powerful tool: multifactor authentication (MFA). Your login system will ask every user for a code or authentication token delivered through an app, text message, or another method, every time they log in – and that’s something that the bad guys won’t have, denying them access to your systems and data.

See how this affordable multifunctional secure identity and access management solution integrates seamlessly to improve your security on Day 1!

Watch a 10-minute demonstration of Passly now.

Even Twitter Needs to Improve Security Awareness Training. Shouldn’t You Do That Too?

Increasing security awareness with improved phishing resistance training and password safety tools sounds like the kind of routine maintenance that can be put off “until things slow down”, but it can’t. 2020 is on track to be a record year for data breaches, and you don’t want to be part of that record. As this incident at Twitter illustrates, adherence to basic security protocols can save companies from cybercrime – and that’s a threat every company is facing every day.

Don’t put it off another day – improve security awareness training now to save money and headaches later.

