How You Can Stop Corporate Login Credential Theft
Check out all the Smart Security Summit on-demand sessions here.
Corporate spending on cybersecurity continues to rise. The latest estimate puts the average figure at over $5 million for 2021. Yet in the same year, US organizations reported a record number of data breaches. So what's wrong?
An unholy trinity of static passwords, user error, and phishing attacks continue to undermine security efforts. Easy access to credentials gives threat actors a huge advantage. And user training alone cannot redress the balance. A robust approach to credential management is also needed, with layers of protection to ensure credentials don't fall into the wrong hands.
The password problemNearly half of all reported breaches in the first half of this year involved stolen credentials. Once obtained, these credentials allow threat actors to impersonate legitimate users to deploy malware or ransomware or move laterally across corporate networks. Attackers can also engage in extortion, data theft, intelligence gathering, and business email compromise (BEC), with potentially massive financial and reputational repercussions. Breaches caused by stolen or compromised credentials had an average cost of $4.5 million in 2021 and took longer to identify and contain (327 days).
It may come as no surprise to learn that underground cybercrime is awash with stolen credentials. In fact, there were 24 billion in circulation in 2021, a 65% increase from 2020. One factor is poor password management. Even though passwords cannot be guessed or cracked, logins can be individually phished by users or stolen.
EventOn-Demand Smart Security Summit
Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.
look hereThe common practice of password reuse means that these credential transfers can be fed into automated software to unlock additional accounts on the web, in so-called stuffing attacks identification. Once in the hands of hackers, they are quickly put to work. According to a study, cybercriminals gained access to almost a quarter (23%) of accounts immediately after the compromise, most likely via automation...
Check out all the Smart Security Summit on-demand sessions here.
Corporate spending on cybersecurity continues to rise. The latest estimate puts the average figure at over $5 million for 2021. Yet in the same year, US organizations reported a record number of data breaches. So what's wrong?
An unholy trinity of static passwords, user error, and phishing attacks continue to undermine security efforts. Easy access to credentials gives threat actors a huge advantage. And user training alone cannot redress the balance. A robust approach to credential management is also needed, with layers of protection to ensure credentials don't fall into the wrong hands.
The password problemNearly half of all reported breaches in the first half of this year involved stolen credentials. Once obtained, these credentials allow threat actors to impersonate legitimate users to deploy malware or ransomware or move laterally across corporate networks. Attackers can also engage in extortion, data theft, intelligence gathering, and business email compromise (BEC), with potentially massive financial and reputational repercussions. Breaches caused by stolen or compromised credentials had an average cost of $4.5 million in 2021 and took longer to identify and contain (327 days).
It may come as no surprise to learn that underground cybercrime is awash with stolen credentials. In fact, there were 24 billion in circulation in 2021, a 65% increase from 2020. One factor is poor password management. Even though passwords cannot be guessed or cracked, logins can be individually phished by users or stolen.
EventOn-Demand Smart Security Summit
Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.
look hereThe common practice of password reuse means that these credential transfers can be fed into automated software to unlock additional accounts on the web, in so-called stuffing attacks identification. Once in the hands of hackers, they are quickly put to work. According to a study, cybercriminals gained access to almost a quarter (23%) of accounts immediately after the compromise, most likely via automation...
What's Your Reaction?
