The holiday season may be in full swing, but cybercriminals don’t take holidays. In fact, during major holidays, they frequently take advantage of thinner staffing levels and distracted employees to up their ante. We can expect the breaches, ransomware, and other cyber hits to keep coming, and possibly even increase over the next few weeks.
Case in point: GoDaddy, which recently disclosed a breach impacting 1.2 million customers using its Managed WordPress hosting environment, including both direct customers and resellers. In an all-too-familiar scenario, it took GoDaddy some time to detect that it had been compromised. GoDaddy disclosed the incident on November 22, but it began over two months prior, on September 6.
Something else that’s familiar? Like the overwhelming majority of data breaches, this one began with a compromised password, which the threat actor used to access the provisioning system in GoDaddy’s legacy codebase. The company’s investigation is ongoing.
Many Consumers who Are Breached React by Doing Nothing
While the GoDaddy breach involves a product that’s primarily purchased by organizations, many if not most data breaches also impact consumers, and the problem is pervasive. A recent survey of U.S. consumers by the Identity Theft Resource Center (ITRC) reveals that 73% of consumers believe their information has been compromised in a breach. Their fears are not unfounded; 72% have actually received a data breach notification letter.
While most breach victims take some remedial action, such as changing their password on the breached account (48%) or even all of their passwords (22%), a notable percentage of respondents, 16%, admitted they do absolutely nothing.
Why is that?
- 26% told ITRC that “[their] data is already out there,” so they feel it makes no difference.
- 29% think that the breached organization would take care of the problem.
- 17% had no idea what they should be doing.
- 14% dismissed the breach notification letter as a scam.
Keeper BreachWatch monitors the Dark Web and immediately alerts you if your credentials are put up for sale.
Learn More
Not surprisingly, ITRC also found that a lot of respondents also engage in poor password practices.
- 85% admitted to reusing passwords on multiple accounts.
- 13% don’t think that using strong passwords is important.
- 33% of people who don’t follow best password security practices think that their own methods are “good enough.”
There’s a lot to unpack in these findings. With data breaches so pervasive, it’s understandable that consumers are becoming overwhelmed and feeling that there’s no point in trying to protect themselves. However, by taking a few simple precautions, both consumers and organizations can protect themselves against the vast majority of data breaches:
Since most of these same breach-fatigued consumers are someone else’s employees, U.S. organizations are perfectly positioned to educate them about password security practices and it’s in their best interest to do so. If employers don’t oversee their employees’ password security, the employees will bring their bad habits into the workplace, resulting in yet more breaches.
Keeper’s zero-knowledge, enterprise-grade password security and encryption platform makes it easy for employers to do that. Keeper gives IT administrators complete visibility into employee password practices, enabling them to monitor and enforce password security policies organization-wide, including the use of strong, unique passwords and MFA. Keeper takes only minutes to deploy, requires minimal ongoing management, and scales to meet the needs of any size organization.
Let’s not give in to breach fatigue, not when there’s so much that can be done to fight back, and it’s all so simple to do!
Not a Keeper customer yet? Sign up for a 14-day free trial now! Want to find out more about how Keeper can help your organization prevent security breaches? Reach out to our team today.