A Brute Force Attack is a strategy used by hackers trying to break into your data, password, or network. In this attack, a computer or its Graphics Processing Unit (GPU) tries trillions of password combinations against a password hash, trying to reverse engineer your password. Brute Force Attacks aren’t a popular attack because they require a good deal of computing power and waiting. According to Verizon’s data breach report from 2017, this strategy accounted for 5% of data breaches in 2017.
As an SMB Owner, how do I protect against this attack?
Brute force attacks commonly occur when a directory store is accessible from the Internet, so that a hacker can attempt password authentication against it. Other times, hackers steal the database of password hashes, exfiltrate it and work on it at their leisure on their own systems.
Consequently, to stop the first form of attack, block all inbound access from the Internet to your authentication systems and replace them with 2-factor authentication (2FA) requirements. 2FA is also an excellent protection against hackers breaking into your network to steal the database of hashes in the second form of attack, so you get two protections in one step!
SMB owners should also work with their Managed Services Provider or IT department to ensure that the login error response codes from their authentication services (prior to a 2FA prompt) give no indication of whether a user is valid or invalid. This prevents hackers from zeroing in on specific accounts with multiple low and slow password authentication attempts.
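The difference between a login check that reveals valid users and one that does not, as an added example that is not part of the original article. The user store, function names, status codes and messages are hypothetical, and PBKDF2 stands in for whatever password hashing your system uses.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch
GENERIC_ERROR = (401, "Invalid username or password.")

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

# Constructed sample directory; a real system would query its user store.
USERS = {"alice@example.com": make_record("correct horse battery staple")}

# Dummy record with a random password, so a lookup for an unknown
# username performs the same hashing work as one for a real account.
_DUMMY = make_record(os.urandom(16).hex())

def login_leaky(username: str, password: str) -> tuple:
    """Anti-pattern: status code and message reveal which usernames exist."""
    rec = USERS.get(username)
    if rec is None:
        return (404, "No such user.")
    if not hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"]):
        return (401, "Wrong password.")
    return (200, "Password accepted, 2FA required.")

def login_uniform(username: str, password: str) -> tuple:
    """Same status, body and hashing work whether or not the user exists."""
    rec = USERS.get(username)
    candidate = rec or _DUMMY
    ok = hmac.compare_digest(_hash(password, candidate["salt"]),
                             candidate["hash"])
    # An unknown user is rejected even if the dummy hash happened to match.
    if rec is None or not ok:
        return GENERIC_ERROR
    return (200, "Password accepted, 2FA required.")
```

Ask your provider to confirm that the response body, status code and response time all match for valid and invalid usernames, since any one of them can give the answer away.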
Another powerful defense mechanism against these attacks is to ensure you have proper password hygiene across your entire enterprise, including Internet-based software solutions (Salesforce, Smartsheet, Dropbox, social media properties, etc.). The only way to secure strong password hygiene in your business is by adopting a password manager, which allows all users to create long and complex passwords that defend you against brute force attacks (and many other forms of attack).