Please enter your email below to subscribe
A recent report stated that a router manufacturer had left usernames and passwords hardcoded into its products. This vulnerability meant that any attacker who knew those items could bypass any user-provided login controls and access a customer’s network.
Default usernames and passwords are one of the most time-honored of all IT vulnerabilities. Manufacturers use them to permit installation and they should always be removed once any piece of equipment or software is operational and part of the customer’s system. Yet, despite decades of experience with this classic security flaw, the story repeats itself.
IT security awareness can easily be hijacked by the latest headlines and buzzwords. Advanced Persistent Threats (“APT”) are justifiably an international concern as nations and businesses struggle to guard themselves against extremely sophisticated attacks. But since attacks come in many patterns, the term itself can be a distraction from developing an effective security profile. After all, if everyone is talking about APTs, logically that is where we should all focus our attention.
The harsh reality, however, is that some attacks are so sophisticated that preventing an intrusion may be either impossible or close to it. What then should an organization do? The simple answer is to do what you can. What everyone can do is look for and close those loopholes, like default installation access codes, which are solvable. Picking the low hanging fruit, so to speak, may not empty the entire threat-tree, but being as secure as you can be is never a bad answer.
Bart M. Schwartz is the chairman of Guidepost Solutions LLC, a global leader in investigations, due diligence, security and technology consulting, immigration and cross-border consulting, and monitoring and compliance solutions.