Article Details
Scrape Timestamp (UTC): 2023-10-17 14:04:39.592
Original Article Text
Fighting off cyberattacks? Make sure user credentials aren’t compromised.

As an IT professional, you know that threat actors work overtime to get your end-users’ credentials. Whether it’s 3 PM on a Tuesday or 3 AM on a Sunday, they’re constantly dreaming up new ways to trick end-users into providing sensitive information. And their round-the-clock efforts seem to be paying off. Login credential theft presents one of the biggest and most enduring cybersecurity problems, with the Ponemon Institute reporting that 54% of security incidents are due to credential theft.

So how do you keep your end-users' credentials safe? Here, we’ll look at the motivations driving credential theft and the social engineering tactics bad actors are likely to use. Then, we’ll explore why password reuse is such a huge problem and discuss the best way to mitigate the risks associated with compromised passwords.

Motives for Credential Theft

The dark web is filled with cybercriminals interested in selling stolen data to the highest bidder — things like social security numbers, sensitive corporate data, passwords, or credit card information. Whether their goal is gaining money through fraud or simply wreaking havoc on a system as a form of social “hacktivism,” cybercriminals constantly refine their targets and methods.

But why are cybercriminals so focused on grabbing credentials? Because they realize that humans are creatures of habit. Most people (51%) admit to reusing the same login credentials across multiple sites, so if bad actors can successfully access one set of credentials, they can likely access multiple bank accounts, credit cards, emails, and more. In other words, stolen credentials give cybercriminals the key to walk right in the front door of the organization they want to attack.

Social Engineering Tactics Used to Steal Credentials

Forbes reports that in the last year alone, 39% of people had their passwords compromised.
But what methods do cybercriminals use to get their hands on this information? Common social engineering attacks include:

The Password Reuse Problem and How to Mitigate It

The problem of reusing passwords is massive and one of the biggest ways cybercriminals can hack into multiple accounts associated with a single user. Reusing a known breached password in an attack grew 5.8 billion per month in 2002. Despite the known risks and persistent threat of password reuse, end-users keep doing it. Exploding Topics reports that:

But it isn’t just non-technical end-users who fall victim to the temptation to reuse passwords — the HIPAA Journal reports that 92% of IT leaders have admitted to reusing passwords across multiple accounts!

What happens if a reused password becomes compromised? All of your other security measures are completely negated. Any site or network on which the user is using a compromised password is also jeopardized. So, for example, if your end-user decides to use their ultra-secure 20-character Hulu password as their password to log into their corporate email account, your security is at risk. The risk of passwords being compromised is real and has real-world consequences.

So how can your organization effectively combat password reuse and associated risks? One of the best places to start is with a comprehensive password tool like Specops Password Policy with Breached Password Protection, which prevents end-users from using over four billion (and growing) unique known compromised passwords. Specops Password Policy continually checks for compromised passwords, alerting users if a password becomes compromised and forcing them to change their password the next time they log in. The solution also includes features like custom password dictionaries so you can block the use of other common and high-probability passwords specific to your company name, products, and location.
Proactive Security is a Smart Investment

In the ever-evolving world of cyber threats, threat actors are working around the clock to steal your users’ information — but even the most vigilant IT teams can’t be expected to work 24/7/365 to keep threats at bay. To reduce your risk, invest in continuous security tools that augment your IT team with round-the-clock protection. For the greatest level of protection, insist on a tool capable of proactively checking end-user passwords to ensure they can’t be used in an attack. Adding a tool like Specops Password Policy with Breached Password Protection to your security offense will help strengthen your frontline defense.

Sponsored and written by Specops Software.
Daily Brief Summary
The Ponemon Institute reports that 54% of cybersecurity incidents are due to credential theft, making it a significant and continuous threat to organizations.
Cybercriminals target credentials as 51% of people reuse their login information across different sites, granting them access to a wider range of information if exploited and potentially leading to more substantial and costly breaches.
Despite known risks, people, including 92% of IT leaders according to the HIPAA Journal, continue to reuse passwords, increasing the vulnerability of the systems they use.
Specops Software offers a solution with Specops Password Policy with Breached Password Protection, which bars users from utilizing known breached passwords.
Specops' solution continuously screens for compromised passwords, alerts users when their password is compromised, and forces a password change at the next login. This allows companies to maintain a rigorous proactive security policy.