Highlights on the COMELEC security breach
In light of the recent news regarding the Philippines Commission on Elections security hack Barry Scott, chief technology officer of EMEA at Centrify has commented:
“While the specifics of the attack have yet to be confirmed, a spokesperson for the Philippines Commission on Elections (COMELEC) admitted that the security of the website isn’t high. The majority of breaches occurring today are due to compromised user credentials AKA the humble username and password. If a password is too simple, it can be guessed. If it’s too complicated, then it needs to be written down and risk being found and used someone else. Replicating log in details is the worst of all – if one password can be hacked, then all the other accounts can be too.
“Multi-Factor Authentication brings an additional layer of security which requires access to something the user knows (eg, one-time generated pass-code sent to a mobile phone) or that the user has, eg a biometric fingerprint). Instead of purely focusing on the network perimeter, organisations should use an individual’s identity as the first line of defence in order to have a central point of controlling who is accessing what, and to what extent.
“This latest breach follows an earlier attack on the 27 March and is testament that once in, hackers have the potential to gain access to privileged account information, then the doors of the network are wide open for repeat visits.”
Image Source: Pixbay