In its recent 2016 Data Breach Investigations Report, Verizon Enterprise confirmed many industry trends that we see at ID Agent every day. The most glaring blind spot for organizations is that stolen credentials are the primary means by which hackers exploit their vital systems.
Credentials are the holy grail for hackers. In a study of 905 phishing attacks, the vast majority—91 percent—were after user credentials.
Stolen Credentials Are a Big Problem That You May Not Know About
Verizon found that “63% of confirmed data breaches involved leveraging weak, stolen or default passwords.” Further, Verizon reported that 93% of data breaches occurred within minutes, while 83% weren’t discovered for weeks.
The time between a breach and its discovery is where the real damage from a cyber attack occurs. Hackers can exploit stolen credentials to install malware on an employee’s computer and in your network. The malware can extract sensitive information before you know your system has been compromised.
Hackers commonly infiltrate corporate systems through phishing attacks. A typical phishing attack sends out a seemingly legitimate email that asks the recipient to reset a password. When the recipient clicks on the link and enters their current password information, the hacker has it.
Another alarming statistic from the Verizon report is that 30% of phishing emails are opened and 12% of the links are clicked. Clicking on the link can result in more than just a stolen password – it could also be the means by which malware is installed on the system.
Why You Should Worry About Stolen Credentials
Many IT professionals feel that stolen credentials aren’t a problem because they come from a third party (for example, an employee’s corporate email credentials are stolen from a retail website). The Verizon report clearly shows why stolen third-party credentials are a problem.
Here are three examples of how stolen third-party credentials can impact your corporate network:
- Hackers use social engineering to breach corporate systems. For example, an employee’s credentials are stolen in a banking phishing attack. The first thing the hacker will do is try to access the corporate system using the same password or variations of it (for example, substituting a ! for a 1). This tactic is surprisingly effective.
- Hackers install malware on an employee’s computer. When an employee clicks on a link in a phishing email, it could trigger the installation of malware on their computer. A common tactic is to install keylogging software, which allows the hacker to capture login information for the corporate system.
- Hackers install malware that ends up on the corporate network. Similar to the tactic described above, the malware could be spread to the corporate network when the employee logs in. This could begin the process of extracting sensitive corporate data and intellectual property.
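The reuse-with-variations tactic in the first example above can be caught when an employee sets a corporate password. The following Python code is an added example, not code from ID Agent or the Verizon report; the function and class names, the substitution table and the sample passwords are constructed for illustration, and it assumes the organization already holds a list of passwords known to be exposed for that employee.

```python
import hashlib
import re

# Look-alike characters collapsed to one letter, so "1", "!" and "i" compare equal.
_LOOKALIKES = str.maketrans({
    "1": "i", "!": "i", "|": "i", "0": "o", "3": "e",
    "4": "a", "@": "a", "5": "s", "$": "s", "7": "t",
})

def normalise(password: str) -> str:
    """Reduce a password to a skeleton shared by its trivial variants."""
    lowered = password.strip().lower()
    # Drop the trailing digits/symbols people append or bump ("2016!" -> "2017").
    stem = re.sub(r"[\d\W_]+$", "", lowered)
    if len(stem) < 4:  # mostly digits/symbols: compare the whole string instead
        stem = lowered
    return stem.translate(_LOOKALIKES)

def _digest(text: str) -> str:
    # Store digests rather than the plaintext exposed passwords.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

class ExposedPasswordIndex:
    """Index of exposed passwords and of their normalised skeletons."""

    def __init__(self, exposed_passwords):
        self._exact = {_digest(p) for p in exposed_passwords}
        self._skeletons = {_digest(normalise(p)) for p in exposed_passwords}

    def classify(self, candidate: str) -> str:
        """Return 'exact', 'variant' or 'ok' for a proposed corporate password."""
        if _digest(candidate) in self._exact:
            return "exact"
        if _digest(normalise(candidate)) in self._skeletons:
            return "variant"
        return "ok"

# Constructed sample data: passwords assumed exposed in a third-party breach.
EXPOSED = ["Redsox2016!", "Tr0ub4dor", "123456"]

if __name__ == "__main__":
    index = ExposedPasswordIndex(EXPOSED)
    for candidate in ["Redsox2016!", "Redsox20161", "R3dsox2017",
                      "Troubador99", "correct horse battery staple"]:
        print(f"{candidate!r}: {index.classify(candidate)}")
```

A password change that comes back as `exact` or `variant` should be rejected, since the new password shares a skeleton with one that is already exposed.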
Damages from a data breach can be huge. In addition to the direct costs of restitution, restoration and fines, indirect costs of reputational damage and lost sales can be staggering.
How Can You Limit the Damage from Stolen Credentials?
The reality is that no system is impenetrable. However, a hardened defense can send hackers looking for an easier target. Two-factor authentication, biometrics, strong passwords and employee security training are some of the ways you can make yourself a hard target.
If your network is breached, the key to limiting the damage is quick detection. The primary reason hackers do what they do is greed – they are looking for ways to quickly sell the data that they steal. Most hackers will try to sell stolen credentials on the Dark Web. A stolen credential monitoring tool like Dark Web ID will quickly alert you if your organization’s credentials are being offered for sale.
If you’d like to learn more about stolen credentials monitoring, please contact us to schedule a demo.