- Goodbye to the password?
- Savvy Cybersecurity quick links
- Software updates
Dear Sir or Madam,
Welcome to your May Savvy Cybersecurity newsletter. Read on to learn more about:
- Salesforce websites leaking data
- New AI cybersecurity hacks
- And much more
Goodbye to the password?
For years, security experts have warned about the dangers of our reliance on passwords. We know that the majority of individuals are not following password best practices for every account they create, leaving them vulnerable to hackers. But how can we protect ourselves online without passwords?
Google has taken a step in accelerating a "passwordless future" with the introduction of passkeys across the Google suite of products.
What is a passkey?
An alternative to the traditional password, a passkey allows you to sign into an app or site as you would unlock your mobile device, with biometric data or a special PIN. Passkeys are stored locally on your device and are more secure than other options such as one-time text codes.
How does a passkey work?
When you begin to sign in to an account with a passkey, you will enter your username. Then you will be asked to either provide your fingerprint, biometric scan, or PIN. Once that is supplied, you will have access to your account.
You will still be able to access your accounts from multiple devices—you will create a passkey for each device. If you need to sign in from a public location, you can create a one-time passkey from your phone to sign into the device.
Why is a passkey secure?
A passkey can only exist on your physical device—it cannot be written down or stolen through a hack. When you use a passkey, you are saying you have access to your physical device and know how to unlock it. (Of course, if your device is stolen and is protected by a PIN, someone could guess it and access your account.) Overall, passkeys are deemed the most secure option—even more secure than using two-factor authentication (especially when receiving text message codes).
How can you start using a passkey?
If you are a Google user and want to try out a passkey, visit http://g.co/passkeys.
Some public Salesforce sites are leaking sensitive user information. Several organizations that use Salesforce Community as their website provider discovered that a flaw in the software could allow unauthorized users to access an organization's private data. Banks, healthcare providers, and state governments are all users of the Salesforce Community.
New AI hacks are wreaking havoc on cybersecurity for better and for worse. Generative artificial intelligence is transforming the cybersecurity industry – for both attackers and defenders. Defenders are using the technology to protect their critical infrastructure, government organizations, and corporate networks, while attackers are harnessing AI to launch their sophisticated attacks at a larger scale.
What we've learned – two years after the Colonial Pipeline attack. This month has marked two years since the attack on Colonial Pipeline. This attack captured headlines around the world while Americans filled bags with fuel out of fear of possibly not making it to work or getting their children to school. The Cybersecurity and Infrastructure Security Agency (CISA) has been laser-focused on improving resilience across the nation. Here is what CISA has learned and done over the past two years to help prevent future attacks.
Business leaders do not understand cybersecurity. A new survey of over 2,000 IT security decision-makers revealed that only 39% of respondents thought their company's leadership had a sound understanding of cybersecurity's role as a business enabler. Additionally, 36% of respondents believed that an understanding of cybersecurity is only important in terms of compliance and regulatory demands. More importantly, the disconnect between business and security goals appeared to have caused at least one negative consequence to 89% of respondents. Read more to understand the importance of implementing cybersecurity into your business and the consequences that can occur if you don’t.
NASA is creating AI and cyber risks with a lack of AI definition. This month, a government watchdog reported that NASA's Office of Inspector General (OIG) found that agency personnel had their own understanding of what the term "AI" means instead of a formal definition provided by the agency. This impairs NASA's ability to accurately classify and track AI tools and could increase the risk of cyber threats, because the lack of a definition will make it more challenging to meet federal AI monitoring and cybersecurity requirements. Read more about what this could mean for NASA here.
Adobe: Over a dozen security vulnerabilities are closed in this month's Adobe update. The security issues affect Acrobat and Acrobat Reader. You can download the updates here.
Microsoft: Microsoft released updates for nearly 50 security issues—including two that are currently being exploited. One of the flaws allows hackers to remotely load malware on your device before the operating system even starts up. There is another critical flaw in Outlook that installs malware when a user simply views an infected email in the Preview Pane. Your device should prompt you to update automatically. You can learn more here.