Security Leaders are Finally Recognizing How Big of a Problem Compromised Credentials Are
Over the past few years, it’s become evident that attackers are no longer “hacking” to carry out data breaches ― they are simply logging in by exploiting weak, stolen, or otherwise compromised credentials. That’s why this month’s discovery of a massive repository of 773 million email addresses and more than 21 million passwords floating on the Dark Web doesn’t come as a surprise to many security experts. It’s just further proof that identity has become the new security perimeter and the battleground for mitigating cyber-attacks that impersonate legitimate users.
Typically, hackers seek the path of least resistance and target the weakest link in the cyber defense chain ― humans. Consequently, most of today’s data breaches are front-ended by credential harvesting campaigns, followed by credential stuffing attacks. Once inside, hackers can fan out and move laterally across the network, hunting for privileged accounts and credentials that help them gain access to an organization’s most critical infrastructure and sensitive data.
Forrester Research has estimated that despite continually increasing cyber security budgets, 80 percent of security breaches involve privileged access abuse and 66 percent of companies have been breached an average of five or more times. As a result, organizations need to look beyond user names and passwords when authenticating employees, both to protect accounts and to secure access to valuable data and critical systems.
Compromised Credentials: Why User Names and Passwords Are Not Enough