Gov & Biz Passwords Easily Hacked: Warns Report


It seems government departments are no longer safe from hackers, according to new findings. But business is far from safe either.
Almost one fifth of government passwords that enable access to highly confidential information are at risk of being compromised when exposed to a stress test or brute-force hacking, a report released yesterday reveals.

But this is nothing compared with private sector firms and other state agencies, which show major weaknesses in password usage, it also warns.

The stress tests run by the Australian National Audit Office, which consisted of password combinations and symbols, could expose shortcomings in the passwords used if run over a period of time, leaving them wide open to hackers and other security risks.

Other test methods consisting of words and numbers were also run, although they failed to expose the same level of weakness as the primary “brute force” test.

“Of more concern was that in three of the four agencies audited, the test compromised some administrator and/or service account passwords.”

The departments tested included the high profile Department of the Prime Minister and Cabinet, Australian Office of Financial Management and Medicare Australia.

So what can be done to minimise risk from hacking? More complex passwords rather than simple ones are a start, but standard security settings such as an automatic lockout after a number of access attempts will also reduce the security risk, according to the report.

However, fraud can be internal or external, the report, entitled The Protection and Security of Electronic Information Held by Australian Government Agencies, also warns.

 

This means personal information could also be easily accessed, and it also means business could be exposed to similar security risks on its IT systems.

So what can be done to prevent fraud? The steps to minimise risk include the following:

· Regular supplier reviews (includes surprise audits)
· Data mining / analysis
· Internal and external reporting mechanisms (hotlines, website, internal reporting channels)
· Response to identified / reported frauds
· Management / internal audit review of internal controls

An entity’s fraud risk assessment also needs to be updated at least every two years or in the event of a significant change.
