Cybersecurity Defenses Compromised By Employees’ Passwords

Shareholder ERIC WRIGHT has been involved with Information Technology with Schneider Downs since 1983 and oversees the firm’s thriving Technology Consulting and IT Audit & Compliance practices. Through this role, Eric brings extensive experience in assessing IT infrastructure and identifying cybersecurity risk and exposure.

One of our clients felt fairly good about their existing cybersecurity defenses, but they were still afraid of the unknown and of newer cyber attack techniques. Through our regular audit procedures, we inquired about their current cyber controls and their confidence in withstanding an attack. We then performed a network penetration test, which simulates an external adversary hacking their network. This live test identified weaknesses in the client’s defenses that they had not known about.

“Within 48 hours, we were able to guess the passwords of close to 10% of their employees, effectively giving us VPN access to their corporate network and certain employee utilities, like email,” Eric said. “We also found that their corporate intranet site was visible over the internet and susceptible to login via the bad passwords. After identifying these issues, we worked with the client to make significant changes to their environment to make it harder for an attacker to break in.”

Schneider Downs provides Big Thinking and Personal Focus in delivering a variety of services for large and small businesses, both publicly and privately held, as well as nonprofit organizations, government entities and more. Through our commitment to thought leadership and knowledge management, we deliver the solutions our clients need with a personal commitment to service.
