Private and Public Industries Face Unsatisfactory Cybersecurity Reviews [Weekly Cybersecurity Brief]

employees working on computers
Share on facebook
Share on linkedin
Share on twitter
Share on email
Share on whatsapp

What does the hospitality industry have in common with government agencies? They both have reported holes in their cybersecurity strategies. From scoring poorly on system reviews, to using insecure passwords and facing a list of vulnerabilities, this week’s cybersecurity headlines made clear the work that lies ahead for many industries. 

According to new research from NordPass studying 17 industries, employees of the hospitality industry used their company’s name as a password the most often. The study also found that only 29% of the industry’s employees use unique passwords, meaning that a percentage of hospitality workers are reusing passwords for multiple accounts. As Chad Hammond, security expert for NordPass explained, “Password reuse is a huge problem that poses a big threat to both consumers and businesses. If one password is compromised, all other accounts are jeopardized too.” NordPass came to this conclusion by gathering information from public third-party breaches that affected Fortune 500 companies. As travel picks back up once again, the organization suggests taking steps as simple as creating more complex passwords, applying multi-factor authentication, and further educating employees on cybersecurity implications.

However, the hospitality industry is not the only one facing weak cybersecurity structures. As Ars Technica reported last week, eight federal agencies received low scores from a recent review conducted by a US Senate Committee on Homeland Security and Governmental Affairs. Within the review, four agencies were given a “D” for cybersecurity hygiene, three were given “C’s” and only one was given a “B.” The review, which looked at security practices by the agencies for 2020, found issues such as systems that were “frequently operated without the required authorizations, ran software (including Microsoft Windows) that was no longer supported, and failed to install security patches in a timely manner,” as the article written by Dan Goodin stated. Of the agencies reviewed were institutions such as the State Department and the Social Security Administration. The report also revealed that information security incidents across the federal government increased by 8% throughout 2020.

These reports of major cybersecurity flaws come as concern over vulnerabilities is still high. The US, UK, and Australian cybersecurity agencies and the FBI just released a joint cybersecurity advisory pointing out the top 30 most exploited vulnerabilities in 2020 and 2021 that continue to pose threats to the stability of systems. The advisory, published by The United States Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the UK’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI), relayed that remote working, VPNs, and cloud-based technologies were some of the most at-risk cybersecurity elements. It also named specific vulnerabilities such as issues with Citrix NetScaler arbitrary code execution CVE-2019-19781, Pulse Secure Connect arbitrary file reading CVE-2019-11510, and Fortinet path traversal CVE-2018-13379. CPO Magazine shared that the advisory warned that such vulnerabilities will persist if they remain “unpatched.” 

 

Key Takeaways:

“Research reveals holes in hospitality industry’s cybersecurity” – Hotel Business

https://www.hotelbusiness.com/research-reveals-holes-in-hospitality-industrys-cybersecurity/

  • According to new research from NordPass studying 17 industries, employees of the hospitality industry used their company’s name as a password the most often.
  • The study also found that only 29% of the industry’s employees use unique passwords, meaning that a percentage of hospitality workers are reusing passwords for multiple accounts.
  • As Chad Hammond, security expert for NordPass explained, “Password reuse is a huge problem that poses a big threat to both consumers and businesses. If one password is compromised, all other accounts are jeopardized too.”

“The State Department and 3 other US agencies earn a D for cybersecurity” – Dan Goodin, Ars Technica

https://arstechnica.com/information-technology/2021/08/the-state-department-and-3-other-us-agencies-earn-a-d-for-cybersecurity/

  • Eight federal agencies received low scores from a recent cybersecurity review conducted by a US Senate Committee on Homeland Security and Governmental Affairs.
  • Within the review, four agencies were given a “D” for cybersecurity hygiene, three were given “C’s” and only one was given a “B.”
  • Of the agencies reviewed were institutions such as the State Department and the Social Security Administration.

“US, UK, and Australia Issue Joint Cybersecurity Advisory on the Top 30 Most Exploited Vulnerabilities in 2020 and 2021” – Alicia Hope, CPO Magazine

https://www.cpomagazine.com/cyber-security/us-uk-and-australia-issue-joint-cybersecurity-advisory-on-the-top-30-most-exploited-vulnerabilities-in-2020-and-2021/

  • The US, UK, and Australian cybersecurity agencies and the FBI just released a joint cybersecurity advisory pointing out the top 30 most exploited vulnerabilities in 2020 and 2021.
  • The advisory, published by The United States Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the UK’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI), relayed that remote working, VPNs, and cloud-based technologies were some of the most at-risk cybersecurity elements.
  • It also named specific vulnerabilities such as issues with Citrix NetScaler arbitrary code execution CVE-2019-19781, Pulse Secure Connect arbitrary file reading CVE-2019-11510, and Fortinet path traversal CVE-2018-13379.

Discover More: