Monitoring for Credential Theft

We have all heard the stories of employee credentials and other company information being hacked and stolen only to hear of these items being found on the dark web. There is a disconnect, however, in the impact of these losses and it’s time we start to rethink our responses to include a reaction. The disconnect exists because of the delay between the actual theft and when it is used. The delay results in a lack of an immediate alert. 

If I come home from work and there is a pipe busted in my house I can react.  I see the problem and I have to fix it.  After all, my family likes water and water damage is really costly.  My immediate response is to shut off the water so that I can get the situation temporarily calmed down. I can then identify the problem, rectify the issue, and turn the water back on. It’s a very clear-cut emergency and response.

The problem with credential theft is that there is no initial visible sign that the theft took place. When the credentials were stolen, it was done silently, under cover, and without an alert going off, months before you were even notified. These stolen credentials are then posted and sold on the dark web. A buyer then verifies the credentials still work, they are purchased, and an attack is launched against your company to steal more data and possibly shut you down. That's when the alerts go off for you: just like when my pipe burst, you can now see the emergency. The difference is that this emergency may not be as easy to rectify, because the damage could be widespread and there is a lot more to bring back under control.


Your company has credentials everywhere. Some are used to log in to your company assets. Others belong to users who need to access vendor sites. You have users who log in to HR portals and healthcare providers. Possibly these credentials are used to log in to sales tools, where you find new business. Often you have credentials at financial partners. As you already know, the number of credentials your company has is uncountable, since they are all over the place and only growing. And with users not using password managers, you could have a major issue on many other sites due to password reuse.

To give you an idea of the size of these issues, here are some statistics from this year alone.

  • From June to September 2020, Barracuda Network researchers evaluated over 3.5 million spear-phishing attacks aimed at credential theft. That is 3.5 million attacks, which contain multiple attempts!

  • Healthcare security breaches are up 49% from 2019, affecting countless patients.

  • Tyler Technologies, which controls and supports software for many government agencies, recently fell for an attack which disclosed the credentials of many of their clients. This was a huge issue that affected organizations and individuals.

These types of attacks are an example of why we recently launched a new web monitoring service, ClosedPort: ID Alert. There are plenty of services out there that let you check whether your domain has credentials posted on an illegal market; however, they lack the ability to tell you when these are initially posted. Knowing when they are posted online can give you a heads-up to change all passwords and likely prevent a larger issue from occurring. We want to give you the information sooner.

This is also a reason we heavily recommend MFA Everywhere. This is our push to get clients to implement an MFA solution, which makes usernames and passwords useless without an additional piece of information.

These two simple solutions, along with a password manager, can go a long way to mitigate these risks. Both are low-cost, low-overhead solutions that in my mind should not be optional. Get connected with an MFA vendor like us, or whoever is competent to get this rolled out, and get MFA in your budget for 2021. Let's be on the offensive with our credentials and organizational assets.

Have a terrific Thanksgiving Holiday and thank you to all of the BLOG readers. I hope we are doing our service and providing you with thought-provoking content. We will always be here for you since you are there for us.