If your password is 'superman' or 'blink182' you might want to change it
The UK's National Cyber Security Centre has released its annual review for 2019 which sets out cybersecurity trends and looks at how the agency has been protecting consumers and businesses.
One of the most interesting findings is the list of most hacked passwords. 'Superman', exposed 333,139 times, and 'blink182', exposed 285,706 times, top the lists for fictional characters and musicians respectively. If you are a soccer fan, 'liverpool', exposed 280,723 times, is not a good password choice. But it's old favorite '123456', exposed more than 23 million times, that's top overall.
Another interesting feature of the report is the NCSC's pioneering Haulster operation, which has disrupted financial cyber crime by flagging fraudulent intention against more than one million stolen credit cards. This has allowed the banks to take action before cybercriminals actually tried to use the cards. The NCSC is in the process of scaling this operation, and hopes to reduce considerably more attacks in the near future.
It also highlights the success of the Active Cyber Defence (ACD) scheme, an interventionist approach that helps prevent attacks thanks to things like the Takedown Service, which finds malicious sites and sends notifications to the host to get them removed.
Over the past year the NCSC has handled 658 cyber incidents, with support provided to almost 900 victim organizations, prevented more than 177,000 malicious phishing attacks, produced 154 threat assessments for a range of sectors, and delivered, along with sector and law enforcement partners, cyber security awareness and training sessions to more than 2,700 charities.
"This review gives a real insight into the breadth of outstanding work done by the NCSC and underlines why we are a world leader in cyber security," says NCSC chief executive Ciaran Martin. "From handling more than 600 incidents -- many from hostile nation states -- to equipping the public with the tools they need to stay safe online, we are employing our expertise on a number of fronts."
The report does raise concerns about people's ability to stay safe online, however. "Worryingly, the NCSC report discovered that only a third of British people know how to protect themselves from cyber breaches, highlighting the lack of public education with regards to security. Passwords are the weak link, and organizations must have an obligation to protect their customers and provide the safest methods of authentication," says Jason Tooley, chief revenue officer at digital ID specialist Veridium. "Eliminating the password from user authentication is more easily achieved with the adoption of biometrics, as this negates the risk of phishing. Transitioning to a passwordless approach does not mean using a biometric in isolation, still using PINs or replaying passwords in the background; you need to remove passwords in their entirety across all factors of authentication."
You can see the full report in snazzy interactive form on the NCSC site.