Identity is one of the main components in information security and plays a key role in the overall security posture of an organisation. It defines who the user is (person) and their access to applications, databases and other internal IT resources within an organisation. A user identity or credentials – often composed of a username and password – unlocks access to sensitive personal or commercial data and must be protected. 

Compromised credentials via an unknown method is the second most prevalent cyber incident that has been reported to the OAIC during the second half of 2019 and the first half of 2020.   

 

Cyber Incident BreakdownCyber Incident Breakdown 2019

 

This highlights the importance of identity and password management to reduce the risk of data breaches caused by compromised or stolen credentials. 

 The security landscape is evolving every day and cybercriminals are gaining more sophisticated methods to gain unauthorised access to personal and business data.  

 Here are examples of  popular methods:

 

 Phishing Attacks 

As discussed in Security threats: Phishing,  phishing is one of the most popular methods attackers use to disguise an email, text message or log-in interface as trustworthy, luring a person to disclose their username and password, and gaining control of a person’s account.
 

Credential Stuffing 

Most people tend to re-use the same username and password for different accounts, including those used in a work environment. This creates vulnerabilities in security because if one of your accounts is breached and posted online over the dark web, all your other accounts that have the same username and password will be open to cyber attack. 


Brute Force Attacks 

Brute Force Attack is a method of decoding sensitive data using trial-and-error at scale. Typically done using hacking tools, scripts or bots to crack passwords and encryption keys, it generates a large number of consecutive guesses until the correct combination is found. In less than 6 hours, a cyber attacker could crack every possible eight-character password containing upper and lower case letters, digits, and symbols 

 

Top tips to protect your business from compromised or stolen credentials 

  1. Using unique passwords for each account or service. 
  2. Using password managers such as LastPass or Bitwarden are useful in managing secure access to multiple accounts 
  3. Enable two-factor or multi-factor authentication. 
  4. Education programs to increase the security awareness of employees. 
  5. Continuous monitoring of services, identities, and accesses in your business 

 

 What are the best security solutions? 

As security attacks are constantly evolving with greater sophistication, businesses need to use advanced security solutions that use machine learning and AI  technologies to detect threats proactively and protect their business with up-to-date security controls. 

 

By implementing technologies such as Microsoft Defender and Azure AD Password Protection paired with Byte’s Secure Workplace Solution and Secure Managed Services we can help you protect, detect, analyse and mitigate risks and threats.