IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Cybersecurity experts weigh in on GoDaddy data breach
Wed, 24th Nov 2021
FYI, this story is more than a year old

Cybersecurity experts are weighing in on the recent GoDaddy data breach, which saw the potential exposure of 1.2 million customers' data.

The breach occurred after an unauthorised person used a compromised password to gain access to GoDaddy's systems.

Anurag Kahol, chief executive at Bitglass, says with many internet users holding dozens of online accounts across various services, it has become more difficult for them to memorise numerous, complex passwords.

"Unfortunately, password reuse has become a common malpractice that increases the chances of account hijacking when one set of a users credentials are leaked," he says.

"More than 80% of hacking-related breaches are tied to lost or stolen credentials and it is now self-evident that passwords alone are not enough when it comes to authenticating users."

Kahol says consumers and businesses must work together to ensure the privacy of corporate and personal data.

"To properly verify the identities of their employees and customers, companies must enhance their security protocols by establishing continuous, context-based security throughout the entire login experience," he explains.

"Solutions like multi-factor authentication (MFA) and single sign-on (SSO) do not require users to remember countless passwords, while also mitigating the risk of account compromise.

"On a consumer level, users can safeguard their digital identity by educating themselves on the risks of password reuse, following cybersecurity best practices, and staying informed on rising threats," says Kahol.

"Because we now live in a time when our daily lives revolve around the internet and our various accounts therein, identity management awareness has never been more critical.

Danny Lopez, chief executive at Glasswall, says reports of hackers gaining access to web hosting companies such as this is troubling, given the amount of data such businesses hold and the ramifications if it falls into the wrong hands.

"Organisations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems," he says.

"It's vital to control privileged access and to monitor those that enjoy that administrator privilege. Ensuring that multi-factor authentication is enforced wherever possible, is a vital defence where user credentials find their way into the public domain.

"This will help to limit the blast radius, and in most cases, defeat the data breach."

Lopez says attacks like these demonstrate that a traditional castle-and-moat approach to network security leaves organisations exposed.

"Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network," he says.

"In a world where data can be held amongst multiple cloud providers it is crucial to strengthen all processes relating to access verification. Without a zero trust approach organisations run the risk of attackers having a free reign across a network once they are inside."