Compromised credentials and what to do about them

Compromised credentials and what to do about them

Cybercriminals are constantly devising new ways to steal sensitive information from unsuspecting users. Phishing, malware attacks, and other social engineering methods are widespread, but many businesses still aren’t using proactive techniques to secure their network.

According to the 2018 Verizon Data Breach Investigations Report, stolen credentials are the leading cause of all security breaches. Brute force attacks, whereby hackers guess passwords and PIN codes through trial and error are surprisingly more prevalent and more successful than ever. What's more, McAfee’s Cloud Adoption and Risk Report states that 80% of all enterprises experience at least one compromised account threat per month.


Everybody is a victim

This trend isn’t surprising at all; in fact, many businesses do little to encourage the use of strong passwords. This leads to employees using weak codes such as “12345678” or “passw0rd” for their accounts.

Even big corporations aren’t immune to the problem of compromised credentials. Back in October 2018, Google announced that it would be shutting down its social networking service Google+ due to a data breach that affected half a million users. As a result, the company suffered financial losses and a damaged reputation.

Moreover, internet portal Yahoo took three years before informing users of a breach involving one billion customers. Later on, the company revealed that it was not one but three billion accounts had been infiltrated by cybercriminals.

These show that all businesses, no matter how big or small, are susceptible to credential theft, and not enough companies are implementing an effective strategy to combat cyberattacks.

Prevention is better than cure

The cybersecurity industry has perpetuated a notion that businesses can block threats right at their perimeter and that attacks can be stopped if they have the appropriate tools. This gives organizations a false sense of security.

Installing firewalls and anti-malware software merely isn't enough to defend against compromised credentials. Employees must take a proactive role in cybersecurity, too. To do this, you need to educate employees on how to stay safe online and on how to implement password best practices.

For instance, you can simulate a phishing attack to see who would willingly provide their login credentials to an unverified sender. Training should also focus on getting employees in the habit of setting longer alphanumeric passwords, using unique access codes for each of their accounts, and never allowing web browsers to save passwords.

Mitigating the risk

Passwords are never 100% secure and no one should expect them to be. That’s why businesses must know how to reduce the risk of credential theft. Here are some things to consider

  1. Use multifactor authentication (MFA)
  2. MFA lets you secure accounts not only with passwords, but also with another form of authentication like fingerprint scanning or one-time SMS codes sent to a registered smartphone. So even if a hacker acquires a password, they still won’t be able to access the account without going through the second verification process.

  3. Search for stolen passwords
  4. Use sites like haveibeenpwned and have experts monitor the dark web to find out which account credentials have been compromised. Take the appropriate steps to change passwords internally and notify customers to do the same.

  5. Partner with a managed IT services provider (MSP)
  6. An MSP protects you from compromised credentials with access management tools, advanced threat protection, and round-the-clock network monitoring.These allow them to detect suspicious account behavior and prevent hackers from doing further damage to your network. The best part is they don’t cost as much as paying for an in-house IT department.

Compromised credentials are never good news. Here at Binatech, we offer a professional network security solution that gives you peace of mind with your sensitive data. Want to learn more? Call us today.