With so much happening in cyber security around the world lately, we're highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week, we're in United Kingdom and Singapore…
A few weeks ago, Tony Neate, CEO of the UK Government's Get Safe Online initiative, state that any password is better than no password at all, even if it's as simple as “abc123”. While I understand the sentiment – sometimes the security industry can scare off the general public with overcomplicated advice – I disagree. There are definitely some passwords which are effectively the equivalent to having no password at all, including “123456”, “password”,” qwerty” and yes, “abc123”.
The news this week about the Tesco accounts breach illustrates the danger of weak passwords. Over 2000 Tesco accounts were hacked using credentials obtained from a previous breach of a different company. Yahoo! Mail experienced a similar security incident less than a month ago. What this tells us is that attackers have automated the process of hacking user accounts to the point that if you are reusing or using weak passwords, then it's basically as easy for them to access your account as if you had no password at all.
It can be a pain to deal with multiple complex passwords across multiple sites. Personally, I was in denial and continued reusing a variation of the same 2-3 passwords for many years until I invested 30 minutes to set up my LastPass account. There are many other similar solutions out there, like 1Password and KeePassX, and they're not by any means perfect. I'd be the first to admit that it can be a pain when sometimes you just want instant access to your account from a new machine, but this it's much better than using “abc123”.
For a small city-state in the middle of South East Asia, Singapore's military defense has always punched above its weight. In 2013, Singapore allocated $12 billion of its budget on defense, compared to its two much larger neighbors, Malaysia and Indonesia, who spent $5 billion and $7.9 billion each respectively. Recently, Singapore has been putting the same focus and investment into its cyber defenses, perhaps in response to the ‘hacktivism' attacks in November 2013.
This week, Israel Aerospace Industries (IAI) announced that it has launched a new R&D centre in Singapore, comprising of white hat hackers, scientists and engineers, with the goal of tackling complex cyber security problems. This collaboration mirrors the close relationship between the Singapore and Israel Armed Forces, which began in the late 1960s after Singapore achieved independence from Malaysia. If Singapore's cyber defense heads in the same direction, then I won't be surprised if it soon becomes one of the most secure nations in the world.