Do as I say, not as I do?

Many IT and cybersecurity professionals aren’t taking their own advice when it comes to practicing good cybersecurity hygiene.

According to a recent Arctic Wolf report, which queried roughly 1,500 security decision-makers and end-users in July, 68% of IT and cybersecurity leaders admitted to reusing passwords at least occasionally. This compares to 64% of end users.

And the revelations don’t stop there, as IT professionals also confessed to living on the edge when it comes to storing their passwords. About 26% of respondents claimed that they kept track of their passwords by writing them down or using a computer spreadsheet. Meanwhile, 29% said that they relied on their memory to track their credentials. The report also found that 36% of IT leaders commit the grievous sin of disabling security measures on their system.

Nothing new under the sun. The report’s findings come as the need for good credential hygiene has only grown in importance. Last year, IT Brew reported that the 10 most common passwords in 2023 could be cracked in seconds.

Read the rest here.—BM

The way disclosures should be.

CDK. Find Great People. Varsity Brands. It seems like every cybersecurity breach gets reported on first through the state of Maine—a surprising role for the small northern New England state with a population just over one million, and growing slowly.

But it makes sense once you get a better idea of the law. The reason, according to Danna Hayes, office special assistant at the Maine Attorney General’s office, is likely that the state’s law around cybersecurity reporting is so strict.

“Maine’s law requires disclosure if one Maine resident has been affected,” Hayes told IT Brew in an email. “While I can’t speak to other states’ laws or practices, I believe that might be why Maine’s disclosures are often cited.”

Legal eagles. The law in question? Maine’s Notice of Risk to Personal Data Act. The law covers the responsibilities of information and data brokers who suffer breaches, specifically to “give notice of a breach of the security of the system following discovery or notification of the security breach to a resident of this State whose personal information has been, or is reasonably believed to have been, acquired by an unauthorized person.” The emphasis on “a resident” means that all it takes is one.

Read more here.—EH

The boys (the Internet Archive) are back in town (in service) after a brief hiatus spurred by a chain of cyberattacks earlier this month.

In an Oct. 21 blog post, the non-profit announced that it had begun to offer a read-only version of its digital library website. The service joins the Wayback Machine and Archive-It—which were both made available again last week—as functions that have been restored following a slew of cyberattacks that had occurred earlier in the month.

“As the security incident is analyzed and contained by our team, we are relaunching services as defenses are strengthened,” the digital library said in the blog post. “These efforts are focused on reinforcing firewall systems and further protecting the data stores.”

The comeback after the setback. The feat arrives after a chaotic couple of weeks for the digital archive website, which serves as the internet’s generational storyteller. IT Brew previously reported that the non-profit organization suffered a data breach that reportedly compromised the information of 31 million users, and multiple distributed denial-of-service (DDoS) attacks earlier this month.

Keep reading here.—BM

Join us this Thursday, Oct. 31, in New York—or via livestream—for our cybersecurity event, where we’re bringing together the brightest minds to explore the future of tech defenses. From quantum computing and AI to the latest cloud security, this lineup of experts will share everything you need to know to balance cutting-edge tech with real-world policy and human factors. If you’re ready to level up your digital defenses, don’t miss out on this ultimate cybersecurity deep dive! Grab your ticket now!