Security threats: Compromised or stolen credentials

March 1, 2021
|
Pouya Koushandehfar
|
Cybersecurity
,

Identity is one of the main components in information security and plays a key role in the overall security posture of an organisation. It defines who the user is (person) and their access to applications, databases and other internal IT resources within an organisation. A user identity or credentials - often composed of a username and password - unlocks access to sensitive personal or commercial data and must be protected. Compromised credentials via an unknown method is the second most prevalent cyber incident that has been reported to the OAIC during the second half of 2019 and the first half of 2020.  

Cyber Incident Breakdown
Cyber Incident Breakdown 2019

This highlights the importance of identity and password management to reduce the risk of data breaches caused by compromised or stolen credentials.  The security landscape is evolving every day and cybercriminals are gaining more sophisticated methods to gain unauthorised access to personal and business data.   Here are examples of  popular methods:

Phishing Attacks

As discussed in Security threats: Phishing,  phishing is one of the most popular methods attackers use to disguise an email, text message or log-in interface as trustworthy, luring a person to disclose their username and password, and gaining control of a person’s account.

Credential Stuffing

Most people tend to re-use the same username and password for different accounts, including those used in a work environment. This creates vulnerabilities in security because if one of your accounts is breached and posted online over the dark web, all your other accounts that have the same username and password will be open to cyber attack.

Brute Force Attacks

Brute Force Attack is a method of decoding sensitive data using trial-and-error at scale. Typically done using hacking tools, scripts or bots to crack passwords and encryption keys, it generates a large number of consecutive guesses until the correct combination is found. In less than 6 hours, a cyber attacker could crack every possible eight-character password containing upper and lower case letters, digits, and symbols  

Top tips to protect your business from compromised or stolen credentials

  1. Using unique passwords for each account or service.
  2. Using password managers such as LastPass or Bitwarden are useful in managing secure access to multiple accounts
  3. Enable two-factor or multi-factor authentication.
  4. Education programs to increase the security awareness of employees.
  5. Continuous monitoring of services, identities, and accesses in your business

What are the best security solutions?

As security attacks are constantly evolving with greater sophistication, businesses need to use advanced security solutions that use machine learning and AI  technologies to detect threats proactively and protect their business with up-to-date security controls. By implementing technologies such as Microsoft Defender and Azure AD Password Protection paired with Byte’s Secure Workplace Solution and Secure Managed Services we can help you protect, detect, analyse and mitigate risks and threats.

Recent Posts

Social Media in Digital Customer Service: A Strategy for Building Brand Loyalty and Resolving Issues
Measuring Success in AI-Driven Customer Experience: Key Indicators for Impact Assessment
Ensuring Compliance with the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 in IT Companies
Unveiling the Power of Data Analytics in Digital Customer Service: Personalising Customer Experiences
Predictive Analytics in AI-Driven CX: Anticipating Customer Needs for Enhanced Experiences
Optimising Collaboration Tools for Effective Communication in Hybrid Teams
Safeguarding Customer Data in Digital Customer Service: Addressing Security and Privacy Concerns
Preparing for and Responding to Regulatory Audits in IT Security and Data Protection in Australia
Navigating Technical Issues in Digital Customer Service: Strategies for Swift Resolution and Effective Communication
Embracing Zero Trust with SASE: Practical Examples and Aligning Principles

Categories

Attracting new customers
Retaining staff
Returning to work
Optimising technology spend
Working from home
Device Management
Autopilot
ChatGPT
SASE
Optimising Networks
Data Breach
Compliance
Tech Strategy
AI for CX
Digital Customer Service
Energy
Bots
FSI
Accounting
Genesys
Case Study
Women in IT
Contact Centre
Managed Services
Working for Byte
Windows
Uncategorized
Team Building
OneSpace
News
New Technology
Microsoft
Disaster Recovery
Data Protections
Cybersecurity
Customer Service
Cloud Data
Microsoft Azure

Follow us

Dive behind the scenes and keep up to date on the latest people centred tech.

Find out how we can support your business

Talk to us today